From 975f66f2eebe9dadba04f275774d4ab83f74cf25 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 13 Apr 2024 14:04:41 +0200 Subject: Adding upstream version 7.7.0+dfsg. Signed-off-by: Daniel Baumann --- .../containers/podman/CHANGELOG.rst | 815 ++ .../containers/podman/CODE-OF-CONDUCT.md | 3 + ansible_collections/containers/podman/COPYING | 674 ++ ansible_collections/containers/podman/FILES.json | 1692 +++ .../containers/podman/MANIFEST.json | 35 + ansible_collections/containers/podman/Makefile | 15 + ansible_collections/containers/podman/README.md | 113 + ansible_collections/containers/podman/SECURITY.md | 4 + .../ansible-collection-containers-podman.spec | 40 + .../containers/podman/changelogs/changelog.yaml | 501 + .../containers/podman/changelogs/config.yaml | 31 + .../containers/podman/docs/.nojekyll | 0 .../_sphinx_javascript_frameworks_compat.js | 134 + .../containers/podman/docs/_static/alabaster.css | 701 ++ .../podman/docs/_static/antsibull-minimal.css | 2 + .../containers/podman/docs/_static/basic.css | 928 ++ .../containers/podman/docs/_static/custom.css | 1 + .../containers/podman/docs/_static/doctools.js | 264 + .../podman/docs/_static/documentation_options.js | 14 + .../containers/podman/docs/_static/file.png | Bin 0 -> 286 bytes .../containers/podman/docs/_static/jquery-3.5.1.js | 10872 ++++++++++++++++++ .../containers/podman/docs/_static/jquery-3.6.0.js | 10881 +++++++++++++++++++ .../podman/docs/_static/language_data.js | 199 + .../containers/podman/docs/_static/minus.png | Bin 0 -> 90 bytes .../containers/podman/docs/_static/plus.png | Bin 0 -> 90 bytes .../containers/podman/docs/_static/pygments.css | 82 + .../containers/podman/docs/_static/searchtools.js | 531 + .../podman/docs/_static/underscore-1.13.1.js | 2042 ++++ .../podman/docs/_static/underscore-1.3.1.js | 999 ++ .../containers/podman/docs/buildah_connection.html | 186 + .../containers/podman/docs/genindex.html | 102 + .../containers/podman/docs/index.html | 153 + .../containers/podman/docs/objects.inv | Bin 0 -> 1193 bytes .../containers/podman/docs/podman_connection.html | 245 + .../podman/docs/podman_container_info_module.html | 233 + .../podman/docs/podman_container_module.html | 2319 ++++ .../podman/docs/podman_containers_module.html | 198 + .../podman/docs/podman_export_module.html | 219 + .../docs/podman_generate_systemd_module.html | 547 + .../podman/docs/podman_image_info_module.html | 224 + .../podman/docs/podman_image_module.html | 785 ++ .../podman/docs/podman_import_module.html | 247 + .../containers/podman/docs/podman_load_module.html | 214 + .../podman/docs/podman_login_info_module.html | 235 + .../podman/docs/podman_login_module.html | 271 + .../podman/docs/podman_logout_module.html | 249 + .../podman/docs/podman_network_info_module.html | 219 + .../podman/docs/podman_network_module.html | 463 + .../containers/podman/docs/podman_play_module.html | 424 + .../podman/docs/podman_pod_info_module.html | 219 + .../containers/podman/docs/podman_pod_module.html | 1010 ++ .../containers/podman/docs/podman_save_module.html | 280 + .../podman/docs/podman_secret_module.html | 310 + .../containers/podman/docs/podman_tag_module.html | 202 + .../podman/docs/podman_unshare_become.html | 311 + .../podman/docs/podman_volume_info_module.html | 216 + .../podman/docs/podman_volume_module.html | 325 + .../containers/podman/docs/search.html | 121 + .../containers/podman/galaxy.yml.in | 30 + .../containers/podman/meta/runtime.yml | 2 + .../podman/plugins/become/podman_unshare.py | 144 + .../podman/plugins/connection/__init__.py | 0 .../podman/plugins/connection/buildah.py | 203 + .../containers/podman/plugins/connection/podman.py | 231 + .../podman/plugins/module_utils/__init__.py | 0 .../podman/plugins/module_utils/podman/__init__.py | 0 .../podman/plugins/module_utils/podman/common.py | 232 + .../module_utils/podman/podman_container_lib.py | 1696 +++ .../plugins/module_utils/podman/podman_pod_lib.py | 880 ++ .../containers/podman/plugins/modules/__init__.py | 0 .../podman/plugins/modules/podman_container.py | 1063 ++ .../plugins/modules/podman_container_info.py | 416 + .../podman/plugins/modules/podman_containers.py | 132 + .../podman/plugins/modules/podman_export.py | 106 + .../plugins/modules/podman_generate_systemd.py | 604 + .../podman/plugins/modules/podman_image.py | 862 ++ .../podman/plugins/modules/podman_image_info.py | 236 + .../podman/plugins/modules/podman_import.py | 157 + .../podman/plugins/modules/podman_load.py | 199 + .../podman/plugins/modules/podman_login.py | 184 + .../podman/plugins/modules/podman_login_info.py | 116 + .../podman/plugins/modules/podman_logout.py | 153 + .../podman/plugins/modules/podman_network.py | 673 ++ .../podman/plugins/modules/podman_network_info.py | 138 + .../podman/plugins/modules/podman_play.py | 311 + .../podman/plugins/modules/podman_pod.py | 415 + .../podman/plugins/modules/podman_pod_info.py | 145 + .../podman/plugins/modules/podman_prune.py | 252 + .../podman/plugins/modules/podman_save.py | 145 + .../podman/plugins/modules/podman_secret.py | 178 + .../podman/plugins/modules/podman_tag.py | 91 + .../podman/plugins/modules/podman_volume.py | 484 + .../podman/plugins/modules/podman_volume_info.py | 100 + ansible_collections/containers/podman/setup.cfg | 38 + ansible_collections/containers/podman/setup.py | 9 + .../containers/podman/test-requirements.txt | 4 + .../containers/podman/tests/.gitignore | 1 + .../podman/tests/integration/targets/__init__.py | 0 .../targets/connection/create-nonroot-user.yml | 7 + .../targets/connection/test_connection.yml | 43 + .../targets/connection_buildah/runme.sh | 34 + .../connection_buildah/test_connection.inventory | 12 + .../integration/targets/connection_podman/runme.sh | 28 + .../connection_podman/test_connection.inventory | 15 + .../targets/podman_container/tasks/main.yml | 800 ++ .../podman_container_idempotency/files/Dockerfile | 32 + .../podman_container_idempotency/files/start.sh | 5 + .../tasks/build_test_container.yml | 35 + .../tasks/idem_all.yml | 339 + .../tasks/idem_labels.yml | 200 + .../tasks/idem_network_aliases.yml | 55 + .../tasks/idem_networks.yml | 44 + .../tasks/idem_pods.yml | 83 + .../tasks/idem_ports.yml | 265 + .../tasks/idem_stopsignal.yml | 224 + .../tasks/idem_users.yml | 186 + .../tasks/idem_volumes.yml | 255 + .../tasks/idem_workdir.yml | 224 + .../podman_container_idempotency/tasks/main.yml | 46 + .../tasks/root-podman-network.yml | 71 + .../tasks/root-podman.yml | 213 + .../tasks/rootless-podman-network.yml | 229 + .../targets/podman_container_info/tasks/main.yml | 101 + .../targets/podman_containers/tasks/main.yml | 725 ++ .../targets/podman_containers/tasks/root-multi.yml | 115 + .../targets/podman_export/tasks/main.yml | 71 + .../targets/podman_generate_systemd/tasks/main.yml | 94 + .../targets/podman_image/files/Containerfile | 3 + .../targets/podman_image/tasks/main.yml | 331 + .../targets/podman_image_info/tasks/main.yml | 66 + .../targets/podman_import/tasks/main.yml | 72 + .../integration/targets/podman_load/tasks/main.yml | 91 + .../targets/podman_login/tasks/main.yml | 50 + .../targets/podman_login_info/tasks/main.yml | 64 + .../targets/podman_logout/tasks/main.yml | 56 + .../targets/podman_network/tasks/main.yml | 357 + .../targets/podman_network_info/tasks/main.yml | 62 + .../targets/podman_play/tasks/files/envdata.yaml | 9 + .../podman_play/tasks/files/play-root1.yaml | 26 + .../podman_play/tasks/files/play-root3.yaml | 31 + .../targets/podman_play/tasks/files/play1.yaml | 26 + .../targets/podman_play/tasks/files/play3.yaml | 31 + .../integration/targets/podman_play/tasks/main.yml | 130 + .../targets/podman_play/tasks/root-play.yml | 105 + .../integration/targets/podman_pod/tasks/main.yml | 883 ++ .../targets/podman_pod/tasks/net-pod.yml | 78 + .../targets/podman_pod/tasks/network-tests.yml | 43 + .../targets/podman_pod/tasks/root-pod.yml | 179 + .../targets/podman_pod_info/tasks/main.yml | 113 + .../targets/podman_prune/tasks/main.yml | 131 + .../integration/targets/podman_save/tasks/main.yml | 99 + .../targets/podman_secret/tasks/main.yml | 117 + .../integration/targets/podman_tag/tasks/main.yml | 40 + .../targets/podman_volume/tasks/main.yml | 170 + .../targets/podman_volume_info/tasks/main.yml | 71 + .../containers/podman/tests/sanity/ignore-2.10.txt | 2 + .../containers/podman/tests/sanity/ignore-2.11.txt | 2 + .../containers/podman/tests/sanity/ignore-2.12.txt | 2 + .../containers/podman/tests/sanity/ignore-2.13.txt | 2 + .../containers/podman/tests/sanity/ignore-2.14.txt | 2 + .../containers/podman/tests/sanity/ignore-2.15.txt | 2 + .../containers/podman/tests/sanity/ignore-2.16.txt | 2 + .../containers/podman/tests/sanity/ignore-2.17.txt | 2 + .../containers/podman/tests/sanity/ignore-2.18.txt | 2 + .../containers/podman/tests/sanity/ignore-2.9.txt | 2 + .../podman/tests/sanity/requirements.txt | 8 + .../tests/unit/plugins/modules/test_common.py | 19 + .../unit/plugins/modules/test_container_lib.py | 89 + 168 files changed, 60851 insertions(+) create mode 100644 ansible_collections/containers/podman/CHANGELOG.rst create mode 100644 ansible_collections/containers/podman/CODE-OF-CONDUCT.md create mode 100644 ansible_collections/containers/podman/COPYING create mode 100644 ansible_collections/containers/podman/FILES.json create mode 100644 ansible_collections/containers/podman/MANIFEST.json create mode 100644 ansible_collections/containers/podman/Makefile create mode 100644 ansible_collections/containers/podman/README.md create mode 100644 ansible_collections/containers/podman/SECURITY.md create mode 100644 ansible_collections/containers/podman/ansible-collection-containers-podman.spec create mode 100644 ansible_collections/containers/podman/changelogs/changelog.yaml create mode 100644 ansible_collections/containers/podman/changelogs/config.yaml create mode 100644 ansible_collections/containers/podman/docs/.nojekyll create mode 100644 ansible_collections/containers/podman/docs/_static/_sphinx_javascript_frameworks_compat.js create mode 100644 ansible_collections/containers/podman/docs/_static/alabaster.css create mode 100644 ansible_collections/containers/podman/docs/_static/antsibull-minimal.css create mode 100644 ansible_collections/containers/podman/docs/_static/basic.css create mode 100644 ansible_collections/containers/podman/docs/_static/custom.css create mode 100644 ansible_collections/containers/podman/docs/_static/doctools.js create mode 100644 ansible_collections/containers/podman/docs/_static/documentation_options.js create mode 100644 ansible_collections/containers/podman/docs/_static/file.png create mode 100644 ansible_collections/containers/podman/docs/_static/jquery-3.5.1.js create mode 100644 ansible_collections/containers/podman/docs/_static/jquery-3.6.0.js create mode 100644 ansible_collections/containers/podman/docs/_static/language_data.js create mode 100644 ansible_collections/containers/podman/docs/_static/minus.png create mode 100644 ansible_collections/containers/podman/docs/_static/plus.png create mode 100644 ansible_collections/containers/podman/docs/_static/pygments.css create mode 100644 ansible_collections/containers/podman/docs/_static/searchtools.js create mode 100644 ansible_collections/containers/podman/docs/_static/underscore-1.13.1.js create mode 100644 ansible_collections/containers/podman/docs/_static/underscore-1.3.1.js create mode 100644 ansible_collections/containers/podman/docs/buildah_connection.html create mode 100644 ansible_collections/containers/podman/docs/genindex.html create mode 100644 ansible_collections/containers/podman/docs/index.html create mode 100644 ansible_collections/containers/podman/docs/objects.inv create mode 100644 ansible_collections/containers/podman/docs/podman_connection.html create mode 100644 ansible_collections/containers/podman/docs/podman_container_info_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_container_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_containers_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_export_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_generate_systemd_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_image_info_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_image_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_import_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_load_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_login_info_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_login_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_logout_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_network_info_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_network_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_play_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_pod_info_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_pod_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_save_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_secret_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_tag_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_unshare_become.html create mode 100644 ansible_collections/containers/podman/docs/podman_volume_info_module.html create mode 100644 ansible_collections/containers/podman/docs/podman_volume_module.html create mode 100644 ansible_collections/containers/podman/docs/search.html create mode 100644 ansible_collections/containers/podman/galaxy.yml.in create mode 100644 ansible_collections/containers/podman/meta/runtime.yml create mode 100644 ansible_collections/containers/podman/plugins/become/podman_unshare.py create mode 100644 ansible_collections/containers/podman/plugins/connection/__init__.py create mode 100644 ansible_collections/containers/podman/plugins/connection/buildah.py create mode 100644 ansible_collections/containers/podman/plugins/connection/podman.py create mode 100644 ansible_collections/containers/podman/plugins/module_utils/__init__.py create mode 100644 ansible_collections/containers/podman/plugins/module_utils/podman/__init__.py create mode 100644 ansible_collections/containers/podman/plugins/module_utils/podman/common.py create mode 100644 ansible_collections/containers/podman/plugins/module_utils/podman/podman_container_lib.py create mode 100644 ansible_collections/containers/podman/plugins/module_utils/podman/podman_pod_lib.py create mode 100644 ansible_collections/containers/podman/plugins/modules/__init__.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_container.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_container_info.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_containers.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_export.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_generate_systemd.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_image.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_image_info.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_import.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_load.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_login.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_login_info.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_logout.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_network.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_network_info.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_play.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_pod.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_pod_info.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_prune.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_save.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_secret.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_tag.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_volume.py create mode 100644 ansible_collections/containers/podman/plugins/modules/podman_volume_info.py create mode 100644 ansible_collections/containers/podman/setup.cfg create mode 100644 ansible_collections/containers/podman/setup.py create mode 100644 ansible_collections/containers/podman/test-requirements.txt create mode 100644 ansible_collections/containers/podman/tests/.gitignore create mode 100644 ansible_collections/containers/podman/tests/integration/targets/__init__.py create mode 100644 ansible_collections/containers/podman/tests/integration/targets/connection/create-nonroot-user.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/connection/test_connection.yml create mode 100755 ansible_collections/containers/podman/tests/integration/targets/connection_buildah/runme.sh create mode 100644 ansible_collections/containers/podman/tests/integration/targets/connection_buildah/test_connection.inventory create mode 100755 ansible_collections/containers/podman/tests/integration/targets/connection_podman/runme.sh create mode 100644 ansible_collections/containers/podman/tests/integration/targets/connection_podman/test_connection.inventory create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/files/Dockerfile create mode 100755 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/files/start.sh create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/build_test_container.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_all.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_labels.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_network_aliases.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_networks.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_pods.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_ports.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_stopsignal.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_users.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_volumes.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_workdir.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/root-podman-network.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/root-podman.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/rootless-podman-network.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_container_info/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/root-multi.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_export/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_generate_systemd/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_image/files/Containerfile create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_image/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_image_info/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_import/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_load/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_login/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_login_info/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_logout/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_network/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_network_info/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/envdata.yaml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play-root1.yaml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play-root3.yaml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play1.yaml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play3.yaml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/root-play.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/net-pod.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/network-tests.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/root-pod.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_pod_info/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_prune/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_save/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_secret/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_tag/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_volume/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/integration/targets/podman_volume_info/tasks/main.yml create mode 100644 ansible_collections/containers/podman/tests/sanity/ignore-2.10.txt create mode 100644 ansible_collections/containers/podman/tests/sanity/ignore-2.11.txt create mode 100644 ansible_collections/containers/podman/tests/sanity/ignore-2.12.txt create mode 100644 ansible_collections/containers/podman/tests/sanity/ignore-2.13.txt create mode 100644 ansible_collections/containers/podman/tests/sanity/ignore-2.14.txt create mode 100644 ansible_collections/containers/podman/tests/sanity/ignore-2.15.txt create mode 100644 ansible_collections/containers/podman/tests/sanity/ignore-2.16.txt create mode 100644 ansible_collections/containers/podman/tests/sanity/ignore-2.17.txt create mode 100644 ansible_collections/containers/podman/tests/sanity/ignore-2.18.txt create mode 100644 ansible_collections/containers/podman/tests/sanity/ignore-2.9.txt create mode 100644 ansible_collections/containers/podman/tests/sanity/requirements.txt create mode 100644 ansible_collections/containers/podman/tests/unit/plugins/modules/test_common.py create mode 100644 ansible_collections/containers/podman/tests/unit/plugins/modules/test_container_lib.py (limited to 'ansible_collections/containers') diff --git a/ansible_collections/containers/podman/CHANGELOG.rst b/ansible_collections/containers/podman/CHANGELOG.rst new file mode 100644 index 000000000..1a53a5460 --- /dev/null +++ b/ansible_collections/containers/podman/CHANGELOG.rst @@ -0,0 +1,815 @@ +================================================ +Ansible Podman modules and plugins Release Notes +================================================ + +.. contents:: Topics + + +v1.10.2 +======= + +Release Summary +--------------- + +Bugfixes and docs changes + +Bugfixes +-------- + +- Add hooks-dir parameter for containers +- Add idempotency for restart-policy for containers +- Add missing options to podman network +- Add more explanation about cmd_args command usage +- Add stdout to podman build and push actions +- Added support for "userns" parameter to "play" module +- CI - fix pip installation of the collection +- CI - fix podman play job for 4.4.x versions +- Change yes/no to true/false in the modules +- Convert str to json format before evaluating length. +- Fix CI for newest Ansible branch 2.16 +- Fix idempotency for pods with uidmap and gidmap +- Fix idempotency lowercase for devices +- Fix network tests for Podman v4 +- Fix podman logout tests for v4 +- Fix pylint issues for CI ansible-test +- Fix undesirable splitting of IPv6 host addresses +- Improved documentation of `podman_generate_systemd` module +- Prepare CI for Podman v3 backward compatibility +- Support SHA256 tag for podman images +- Update podman_image to specify CPU arch when pulling image +- added podman_prune module +- become plugin podman_unshare become_user default +- fix for buildah improper remote target +- for pod kube recreate +- pod - Support passing multiple networks with params +- podman-login - fix FIPS md5 issue and registry requirement +- podman-pod - Fix idempotency for pods in 4.4.x versions +- podman_systemd - Ignore header when comparing systemd files content + +v1.10.1 +======= + +Release Summary +--------------- + +Bugfixes and minor docs changes + +Minor Changes +------------- + +- Add missed docs for modules + +Bugfixes +-------- + +- podman_systemd_generate - allow empty string for prefixes +- podman_unshare - Fix docs for podman_unshare become plugin + +v1.10.0 +======= + +Release Summary +--------------- + +New modules, become plugin and bugfixes. + +Major Changes +------------- + +- New become plugin - podman_unshare +- Podman generate systemd module + +Minor Changes +------------- + +- Add --sdnotify option for container +- Add example unittest for container lib +- Add protection for systemd files deletion +- Add unittests for Ansible Podman modules +- Check for gha updates weekly using dependabot +- Fix PEP8 issue in podman_image +- Fix building image with buildah and become +- Fix docs issues in podman_image +- Warning about improperly configured remote target +- add required argument to example +- docs - added simple extra_args example +- generate_systemd - implement --wants, --after and --requires +- podman_image - add file parameter for Containerfile location + +Bugfixes +-------- + +- Delete systemd files when container/pod is deleted +- Fix example in systemd generate module +- Fix expanduser in path for systemd generation +- Fix idempotency for labels in pods +- Fix podman load module for Podman 4 +- Fix rerunning playbooks with generate_systemd --new +- Improve idempotency for devices mount of rootless podman +- Improve networks idempotency for v4 +- Support passing multiple networks with params +- fix pod running status for older podman versions +- podman_container should ensure image by using os path if rootfs is used + +v1.9.4 +====== + +Release Summary +--------------- + +Bugfixes and minor changes + +Minor Changes +------------- + +- Remove distutils as deprecated +- Run CI on Ubuntu 22.04 +- Use 2.13 Ansible version in CI jobs instead of 2.11 + +Bugfixes +-------- + +- connection_podman - Add missing docstring for method that executes the podman commands +- podman_container - Change IpcMode default to shareable +- podman_container - Disable memory idempotency +- podman_container - Fix typo in the documentation +- podman_image - Update `podman_image` to remove image with image id +- podman_load - Loop over image names when multiple images present in archive +- podman_login - Fix idempotency for podman_login +- podman_network - Allow specify podman_network options MTU and VLAN separately +- podman_network - Fix internal networks idempotency +- podman_play - Fix play_kube not working when yaml not installed on target +- podman_play - Pass errors as a string instead of list +- podman_pod - Change network attribute from str to list in pods +- podman_pod - Fix pod network idempotency +- podman_pod - Fix pod tests in CI +- podman_pod - Fix pods list retrieve + +v1.9.3 +====== + +Release Summary +--------------- + +Bugfixes and minor changes + +Minor Changes +------------- + +- Fix sanity issues with a new Ansible version + +Bugfixes +-------- + +- Remove idempotency for log level + +v1.9.2 +====== + +Release Summary +--------------- + +Bugfixes and new requires option for podman_container + +Minor Changes +------------- + +- Add requires option to podman_container module + +Bugfixes +-------- + +- Add slirp4netns idempotency for pods +- Fix MAC address detection in created container +- Fix check for read-only change of root image in podman_container module +- Fix error with exitcommand for Podman v4 +- Fix issue when missing plugins entry in podman_network module +- Fix new requirements for plugins documentation +- Fix podman collection for Podman version 4 +- Fix tests for podman_container module +- Strip slashes from volumes + +v1.9.1 +====== + +Release Summary +--------------- + +Bugfixes and new options for Pods + +Minor Changes +------------- + +- Add new options for pod module +- Use yaml syntax highlighting where appropriate + +Bugfixes +-------- + +- Fix podman_pod_lib behavior for ports published to multiple IPs +- Handle tlsverify correctly in podman_login +- Update secrets description and add test with secret opts + +v1.9.0 +====== + +Release Summary +--------------- + +New podman_tag module and fixes + +Major Changes +------------- + +- Add podman_tag module +- Add secrets driver and driver opts support + +Minor Changes +------------- + +- Add a second example to podman_pod_module.html + +Bugfixes +-------- + +- Don't include shared 'net' if network is host in pods + +New Modules +----------- + +- containers.podman.podman_tag - Add an additional name to a local image + +v1.8.3 +====== + +Release Summary +--------------- + +Bugfixes + +Bugfixes +-------- + +- Add documentations for generate_systemd +- Hardcode RT signal numbers +- Remove default value of log-driver +- Support --new in generate_systemd + +v1.8.2 +====== + +Release Summary +--------------- + +Fixes for various modules + +Bugfixes +-------- + +- Add option for ansible-core in RPM spec file +- Add skip option for podman secret +- Add support for network-alias flag +- Allow to actually pass a list of string for "mounts" +- Don't add newlines to secrets +- Fix issue with podman and exposed ports +- Fix signal diff for truncated and RT signal names +- Support empty stings in prefixes +- Update error message when pull set to false + +v1.8.1 +====== + +Release Summary +--------------- + +Fixes for systemd units generation + +Bugfixes +-------- + +- Add .service extension to systemd files +- Add aliases for image load/save +- Change python version for ansible-core to 3.9 +- Fix suboption key in podman_container/podman_pod for generate_systemd documentation + +v1.8.0 +====== + +Release Summary +--------------- + +New modules for images and containers + +Major Changes +------------- + +- Add systemd generation for pods +- Generate systemd service files for containers + +New Modules +----------- + +- containers.podman.podman_export - Export a podman container to tar file +- containers.podman.podman_import - Import Podman container from a tar file +- containers.podman.podman_load - Load image from a tar file +- containers.podman.podman_save - Saves podman image to tar file + +v1.7.1 +====== + +Release Summary +--------------- + +Bugfixes and new features + +Bugfixes +-------- + +- Add support for podman pod create --infra-name +- Fix idempotency when containers have a common network +- Remove idempotency leftovers of volumes GID,UID + +v1.7.0 +====== + +Release Summary +--------------- + +New module - Podman secret + +Minor Changes +------------- + +- Podman secret module + +New Modules +----------- + +- containers.podman.podman_secret - Manage podman secrets + +v1.6.2 +====== + +Release Summary +--------------- + +Bugfixes for idempotency and pipelining + +Bugfixes +-------- + +- Add meta/runtime.yml which is required for Galaxy now +- Avoid exposing pipelining support for podman connections +- Change present state to be as created state +- Disable no-hosts idempotency +- Fix idempotency with systemd podman files +- Remove idempotency for volume UID/GID + +v1.6.1 +====== + +Release Summary +--------------- + +Bugfix for podman_container_info + +Bugfixes +-------- + +- Fix failure when listing containers + +v1.6.0 +====== + +Release Summary +--------------- + +New module podman_play for playing Kubernetes YAML and bugfixes + +Minor Changes +------------- + +- Add Ansible 2.11 to all tests and use Ubuntu 20.04 +- Add Ansible 2.11 to testing +- Add RPM building scripts +- Add support for timezones in containers + +Bugfixes +-------- + +- Fix ansible-test issues for CI +- Fix idempotency for environment +- Fix ipv6=false issue +- Fix multi-containers options +- Fix overlayfs issue in CI for buildah connection + +New Modules +----------- + +- containers.podman.podman_play - Play Kubernetes YAML files with Podman + +v1.5.0 +====== + +Release Summary +--------------- + +New module - Podman login + +Minor Changes +------------- + +- Podman login module + +New Modules +----------- + +- containers.podman.podman_login - Login to a container registry using podman + +v1.4.5 +====== + +Release Summary +--------------- + +Additional fixes for newest version 3 of Podman + +Bugfixes +-------- + +- Add IPv6 support for publishing ports +- Add sigrtmin+3 signal (required for systemd containers) +- Add support for Podman Pod restart +- Convert IPv6 to shorten form +- Fix error with images info where no images +- Fix idempotency for rootless networks from v3 +- Fix no_log for newer ansible-test +- Fix uppercase labels idempotency issue +- Stop pods without recreating them + +v1.4.4 +====== + +Release Summary +--------------- + +Fixes for newest version 3 of Podman + +Bugfixes +-------- + +- Attempt graceful stop when recreating container +- Don't calculate image digest in check mode +- Fix internal networks and DNS plugin for v3 +- Fix podman_pod* modules for Podman v3 +- Fixes for podman_container for Podman v3 + +v1.4.3 +====== + +Release Summary +--------------- + +Documentation fixes and updates + +Bugfixes +-------- + +- Add docs generation +- Update documentation + +v1.4.2 +====== + +Release Summary +--------------- + +Bugfixes for podman container + +Bugfixes +-------- + +- documentation - Add docs to Github +- podman_container - Add 'created' state for podman_container +- podman_container - Change default log level for 3+ versions +- podman_container - Convert systemd option to a string +- podman_container - Don't recreate container if env_file is specified +- podman_container - Fix 'cap_add' and 'cap_drop' idempotency +- podman_container - Fix idempotency for multiple ports +- podman_container - Fix slirp4netns options idempotency +- podman_container - Fix uid/gid checks for podman 1.6.4 volumes +- podman_container - Handle slash removals for root volumes mount +- podman_container - Restart container in a simple manner +- podman_container - podman_container_lib - fix command idempotency +- podman_image - Add debug log and podman_actions to podman_image +- podman_image - Don't set default for validate-certs in podman_image + +v1.4.1 +====== + +Release Summary +--------------- + +Bugfixes for podman container + +Bugfixes +-------- + +- podman_container - Convert gidmap to list for podman_container +- podman_container - Convert log-opts to dictionary and idempotent + +v1.4.0 +====== + +Release Summary +--------------- + +New modules and bugfixes, new network options + +Minor Changes +------------- + +- podman_container - Add log level for Podman in module +- podman_container - Add mac_address field to podman_container module +- podman_container - Add strict image compare with hashes +- podman_container - Improve compatibility with docker_container by adding aliases +- podman_container - Move containers logic to module utils +- podman_image - reuse existing results in present() +- podman_network - Add IPv6 to network +- podman_network - Add support of network options like MTU, VLAN +- podman_pod - Move pod logic to separate library + +Bugfixes +-------- + +- podman_container - Fix force restart option for containers +- podman_container - Fix idempotency for volume GID and UID +- podman_container - Fix no_hosts idempotency for newer version +- podman_container - Remove 'detach' when creating container +- podman_image - Fix doc defaults for podman_image +- podman_logout - Handle podman logout not logging out when logged in via different tool +- podman_network - Correct IP range example for podman_network + +New Modules +----------- + +- containers.podman.podman_containers - Manage multiple Podman containers at once +- containers.podman.podman_login_info - Get info about Podman logged in registries +- containers.podman.podman_logout - Log out with Podman from registries + +v1.3.2 +====== + +Release Summary +--------------- + +bugfixes + +Bugfixes +-------- + +- podman_container - Fix signals case for podman_container + +v1.3.1 +====== + +Release Summary +--------------- + +bugfixes + +Bugfixes +-------- + +- multiple modules - fix diff calculation for lower/upper cases +- podman_container - Add note about containerPort setting +- podman_container - Fix init option it's boolean not string +- podman_container - Remove pyyaml from requirements +- podman_network - Check if dnsname plugin installed for CNI +- podman_volume - Set options for a volume as list and fix idempotency + +v1.3.0 +====== + +Release Summary +--------------- + +New podman_network module and bugfixes + +Minor Changes +------------- + +- Create podman_network module for podman networks management + +Bugfixes +-------- + +- podman_volume - Fix return data from podman_volume module + +New Modules +----------- + +- containers.podman.podman_network - Manage Podman networks + +v1.2.0 +====== + +Release Summary +--------------- + +Add changelog file. + +Minor Changes +------------- + +- Add changelog file to collection. + +v1.1.4 +====== + +Release Summary +--------------- + +Pip install and minor fixes. + +Minor Changes +------------- + +- Add pip installation for podman collection. + +v1.1.3 +====== + +Release Summary +--------------- + +Idempotency fixes for podman containers. + +Bugfixes +-------- + +- podman_container - Fix idempotency for case with = in env +- podman_container - Fix issue with idempotency uts, ipc with pod + +v1.1.2 +====== + +Release Summary +--------------- + +Urgent fix for podman connection plugin. + +Bugfixes +-------- + +- podman_connection - Chown file for users when copy them to container + +v1.1.1 +====== + +Release Summary +--------------- + +New modules for volumes management. + +Minor Changes +------------- + +- Create podman_volume module for volumes management + +Bugfixes +-------- + +- podman_volume_info - Improve podman volume info tests with new module + +New Modules +----------- + +- containers.podman.podman_volume - Manage Podman volumes + +v1.1.0 +====== + +Release Summary +--------------- + +New modules for pods management. + +Minor Changes +------------- + +- Add podman pod and pod info modules + +Bugfixes +-------- + +- podman_container - Fix idempotency for networks and add tests + +New Modules +----------- + +- containers.podman.podman_pod - Manage Podman pods +- containers.podman.podman_pod_info - Retrieve information about Podman pods + +v1.0.5 +====== + +Release Summary +--------------- + +Idempotency and another bugfixes for podman connection plugin. + +Bugfixes +-------- + +- podman_connection - Add check for empty dir for podman connection mount +- podman_connection - Increase verbosity for mount failure messages +- podman_container - Improve idempotency for volumes with slashesAdd idempotency for ulimits and tests +- podman_container - Improve ports idempotency and support UDP + +v1.0.4 +====== + +Release Summary +--------------- + +Idempotency and Podman v2 fixes + +Bugfixes +-------- + +- podman_container - Add idempotency for ulimits and tests +- podman_container - Fix idempotency for podman > 2 versions + +v1.0.3 +====== + +Release Summary +--------------- + +Relicense under GPLv3 and clean up modules + +Minor Changes +------------- + +- Relicense under GPLv3 and clean up modules + +v1.0.2 +====== + +Release Summary +--------------- + +Idempotency fixes + +Bugfixes +-------- + +- podman_container - Add idempotency for existing local volumes + +v1.0.1 +====== + +Release Summary +--------------- + +Idempotency and images improvements + +Bugfixes +-------- + +- podman_container - Add inspect of image and user idempotency +- podman_image - Add option for tls_verify=false for images + +v1.0.0 +====== + +Release Summary +--------------- + +Initial release of collection with new modules + +Minor Changes +------------- + +- buildah_connection - add support of specific user +- buildah_connection - added Buildah connection rootless +- podman_connection - add user flags before container id in podman exec + +Bugfixes +-------- + +- buildah_connection - Fix buildah debug output for py2 +- podman_connection - Run pause=false w/o message condition +- podman_container - Add idempotency for user and stop signal +- podman_container - Fix idempotency issues with workdir and volumes +- podman_container - Fix image, healthcheck and other idempotency +- podman_container - Improve idempotency of podman_container in uts, ipc, networks, cpu_shares +- podman_image - only set changed=true if there is a new image +- podman_image - use correct option for remove_signatures flag + +New Modules +----------- + +- containers.podman.podman_container - Manage Podman containers +- containers.podman.podman_network_info module - Retrieve information about Podman networks diff --git a/ansible_collections/containers/podman/CODE-OF-CONDUCT.md b/ansible_collections/containers/podman/CODE-OF-CONDUCT.md new file mode 100644 index 000000000..3833bfad0 --- /dev/null +++ b/ansible_collections/containers/podman/CODE-OF-CONDUCT.md @@ -0,0 +1,3 @@ +## The Podman Ansible Collections Project Community Code of Conduct + +The Podman Ansible Collections project follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/master/CODE-OF-CONDUCT.md). diff --git a/ansible_collections/containers/podman/COPYING b/ansible_collections/containers/podman/COPYING new file mode 100644 index 000000000..f288702d2 --- /dev/null +++ b/ansible_collections/containers/podman/COPYING @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/ansible_collections/containers/podman/FILES.json b/ansible_collections/containers/podman/FILES.json new file mode 100644 index 000000000..91a086b4b --- /dev/null +++ b/ansible_collections/containers/podman/FILES.json @@ -0,0 +1,1692 @@ +{ + "files": [ + { + "name": ".", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "README.md", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0b3c0bf86d855ce3b4341bf6f72a5ea3e6300c09ca88d793ca3b149175eaa30c", + "format": 1 + }, + { + "name": "meta", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "meta/runtime.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f07aa47b7583a6a8420798081029b8cdfb09cbf5564acff6f49b6c3237102618", + "format": 1 + }, + { + "name": "tests", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/.gitignore", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b5726d3ec9335a09c124469eca039523847a6b0f08a083efaefd002b83326600", + "format": 1 + }, + { + "name": "tests/integration", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_containers", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_containers/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_containers/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "797fea2fb07c77406b8bb15ea7ff2e4be6105e75664c4b2f2660dd17c5b19c99", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_containers/tasks/root-multi.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "99e92a4d72c87817aa74687d7a9fc99da5adbeeaffb04fa8da55cac88d2082ad", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_generate_systemd", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_generate_systemd/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_generate_systemd/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "543282244455a56c9e012885bf5f9c55eb53992356886d734530768908b18069", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_network_info", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_network_info/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_network_info/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5d60cdf4f76199919395dd477e7feb32d8ebbb4b736d0a13052290a3fcb5e5e3", + "format": 1 + }, + { + "name": "tests/integration/targets/connection", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/connection/test_connection.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3b9bd8af9cbdf99e7d47189d08b57d0eb5030fde078c88a3387d2af701ae85a8", + "format": 1 + }, + { + "name": "tests/integration/targets/connection/create-nonroot-user.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7af8e41655a36f526418cadf93e37da7117cc67761e34ab9c41b68ac8c00a268", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c68fe4de7794a839e5535e7fa3e258f23eb7c741f5a593b8c678549599fcae3f", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_pod_info", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_pod_info/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_pod_info/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f04166aa3908442835ca6e7f747429d54cdeb8bcbf272e3977de79f3ad653271", + "format": 1 + }, + { + "name": "tests/integration/targets/connection_podman", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/connection_podman/runme.sh", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "06a213f3e9c159069f1fd055653438f8487d1b8939ee735a0025b151ef2a4626", + "format": 1 + }, + { + "name": "tests/integration/targets/connection_podman/test_connection.inventory", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f75a535c614dbdf71e61eb605b4bd1e857bbec85ff3ae9da0eff6f138f1ae56d", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/idem_stopsignal.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "262e884e0b4a561fbc57726f13763e3b07a92786386c9a5c7ccd13270e38b475", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/idem_all.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e38f46049fc88b6b07346be2f74e8ff28a17fb93a0fd7832cde1aa593686584f", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/idem_labels.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d375e2ec31f9f9d16adca8328db880ee3d0b56238db5686ac9bbb0dcc2017fe7", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/build_test_container.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a61627e2d0be2e1400f0d0f60df5d636eea74b18aa87fa2a0d7eb4c419c2a8ae", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/idem_users.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "36f44ffaa058046e62d0e53be0f7edf8232d9145ec44a948c64c15d0c0c3cd23", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/root-podman-network.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ab1cc0f347537ab4403395b2b2b43f815fe49c7ae35b88b498931fdcb33abd75", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/idem_networks.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3a0f1de00361a8381b06934149d6433afd307d010d7396be307f7d7f6f27a52e", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/idem_volumes.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5e330c3f7359aaf7e6e3379db977b909e04bcec89b894f1f8f0d44dfebdecffd", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "18e691763a36d0d76768bd211cc725b9fd5920bb7602bf0d7cdbcffd3f573fed", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/rootless-podman-network.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a4d6028c7466608b10983c9acf25af9b99d9ce0aa27ed17500af287d28070af4", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/idem_workdir.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "23d729589e61ae790bd81b281f89b48b443b830cf3a6932eb0bdf4289289f677", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/idem_ports.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "41538dd47dfa1197c8c984f9e1f47f84cf5a8a35ec7a2c0f0f6388cc9d52daef", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/idem_pods.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "53d129901494fa24a8075ade0576e2536ae3cbfc5d8fb8d116a10978594a6a49", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/root-podman.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ed7d2ee3e9e352efc0266c2264469b3f759f1630562794c98f5da83949506bec", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/tasks/idem_network_aliases.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "04c6bf4fd56edcc1a49a47e98f448c89cf8e90e1d7d67db9997f0af94ef09dc6", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/files", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/files/start.sh", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bb80ab18f5df29c7c77f8acea5285af4f0f4d1ddac161801d0ff26ac242c2d86", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_idempotency/files/Dockerfile", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "002a8a2bf46c5da32a3583bc93c08347c6f7e16c51cd5abdf562d77df313da5c", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_login", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_login/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_login/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5156c546ca2b45f035ae5b28a7220e06c4fb8051f93a6077e0308b06cafa15b3", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_image", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_image/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_image/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "504161866489c1cf29ac448d3300b9ca801bd0feb0f2cc9fa93368e578290689", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_image/files", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_image/files/Containerfile", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ec6bc9968ca494ec22fcb0bed27fc12ddf2241fea1fe58d0d8a4f0b33487b506", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_pod", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_pod/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_pod/tasks/network-tests.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9a8a2c641891bca7bd86d7c984970b869bad967b127d9ea5cad004dbb7bf1401", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_pod/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8b9f85c31703910db51bd2ab49a1e8d97d1acecc4581ce9e8523654cd9341f75", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_pod/tasks/net-pod.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3b7ac39a1292fc65b9c3aa27d9d83e436414749e62011f3b278b8e46e8005b29", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_pod/tasks/root-pod.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "32a941c1ab343de12be5b6b942885697a47a90e70b4ba8b8f6b41830fd748be7", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_volume_info", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_volume_info/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_volume_info/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d951a17810a5d38195f5b6b9f2b61997be78c33f425b3d6c8424250d658d4115", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_export", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_export/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_export/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "76181438486472743107a963f54f04b10abb52a8c5c14599b065b01a503a5021", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_image_info", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_image_info/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_image_info/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4f201709a3c5b823be22d4d3cc6470386f652eceaff37b5bf3acf6a05175a060", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_prune", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_prune/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_prune/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "724466a522dc7a0d89201a540856373a6613e11f6869faf0accfe01497c972c8", + "format": 1 + }, + { + "name": "tests/integration/targets/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_tag", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_tag/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_tag/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2d0f2ae65dac8386961528eb33d02de73fe60026cb5566ffa68b4467b7c45678", + "format": 1 + }, + { + "name": "tests/integration/targets/connection_buildah", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/connection_buildah/runme.sh", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b4d64b01f03eb7aa81f3fbe7202c816188bc8432fedccb5251feeb330f7c16e4", + "format": 1 + }, + { + "name": "tests/integration/targets/connection_buildah/test_connection.inventory", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5012fc0a2af812b87b675f31cd605ecf8d80fe32667b6ed20ea51fe0c8685742", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_volume", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_volume/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_volume/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fcf996710e030b8188cd7f49daa73c153c23513dfedcacea9e22615223ce8d7d", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_login_info", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_login_info/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_login_info/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "21ef50fdd0d92d39240b082c1f9ba3782478e615863d3e8d9a0960b175b8158e", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_logout", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_logout/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_logout/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2e1c3fcd8cd0d917e7faad2dc447381ec2ccff2bc3a57b02060cd965ffbb45c1", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_import", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_import/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_import/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "97b2238ac4c41ff1480ce080f0d3b495b4e36ace1e00e0bd93664840a3e8bc52", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_play", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_play/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_play/tasks/root-play.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "65c0fccbaf7c464b539f895addc0cf3e7536f9cb8b9f7d8e28725a90d345326b", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_play/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1d9542a076df468e5e3abca07b9c319fb13ec825adef5250744d88155e44b0b1", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_play/tasks/files", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_play/tasks/files/play-root1.yaml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "049f1ad67c57e019423f28c77ca8cec13e714ae8727fedfde71792ec56131344", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_play/tasks/files/envdata.yaml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d5ebdb092f5473ae5174dfbac83b6623343326f308d02eea8fb58fbb7b42d264", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_play/tasks/files/play-root3.yaml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3e26cb69976a1b7d1f79a5dafc74e368d9297bb63b29c1c213d5bbddc0e62bf3", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_play/tasks/files/play1.yaml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1031804932a82f741e8cddaa397e73554e4784a790a3d4493d1b5c8f5f6bbf7e", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_play/tasks/files/play3.yaml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c92c31b3ad0cd9992a6a9e391d07d69b2b9f3cc39b410e1cbc710bda40323b3d", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_load", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_load/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_load/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "078d5ae2eb9bf74046e34c6e7c003e87bb6e08f1a6fd49fcf5d6bb2174bae393", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_info", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_info/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_container_info/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f753b105c6b8ca293911422dc3372b82e98ba5b3f7065cac0a20976933a0c03f", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_save", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_save/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_save/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "152d5451d258a629cf21d5ac5acf315ea2bb578115266d9c14c5f9938462621e", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_network", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_network/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_network/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b7659bb415aa72e1ff4ec1b2fc681ce7261fccdaa21804c1ecc9e9ee1a3b2cd0", + "format": 1 + }, + { + "name": "tests/integration/targets/podman_secret", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_secret/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/podman_secret/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7543b23822eadfd9b37e99024b34fc48ae386434266b4efd17d0a41f6b4a33b9", + "format": 1 + }, + { + "name": "tests/sanity", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.12.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "361bd77aa7cbdafdfcdec95128188299e4641bcce983571a747031794cca7cf5", + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.15.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "361bd77aa7cbdafdfcdec95128188299e4641bcce983571a747031794cca7cf5", + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.14.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "361bd77aa7cbdafdfcdec95128188299e4641bcce983571a747031794cca7cf5", + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.11.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "361bd77aa7cbdafdfcdec95128188299e4641bcce983571a747031794cca7cf5", + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.10.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "361bd77aa7cbdafdfcdec95128188299e4641bcce983571a747031794cca7cf5", + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.17.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "361bd77aa7cbdafdfcdec95128188299e4641bcce983571a747031794cca7cf5", + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.13.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "361bd77aa7cbdafdfcdec95128188299e4641bcce983571a747031794cca7cf5", + "format": 1 + }, + { + "name": "tests/sanity/requirements.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "471c16a6346df1b74757306a436cbab143fe65c30e6f9cda1f5c7179d6012b73", + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.16.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "361bd77aa7cbdafdfcdec95128188299e4641bcce983571a747031794cca7cf5", + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.18.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "361bd77aa7cbdafdfcdec95128188299e4641bcce983571a747031794cca7cf5", + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.9.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "361bd77aa7cbdafdfcdec95128188299e4641bcce983571a747031794cca7cf5", + "format": 1 + }, + { + "name": "tests/unit", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/unit/plugins", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/unit/plugins/modules", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/unit/plugins/modules/test_common.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "79b1c212210b13bb60b8d97b140351ce088707f3574b8fc61b076e827e050891", + "format": 1 + }, + { + "name": "tests/unit/plugins/modules/test_container_lib.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "08beb5d507944be15d2c0e01081fa99c43d522e813d5ecde2b038d71132e2d7d", + "format": 1 + }, + { + "name": "CHANGELOG.rst", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c91227ecab2f8122e75b90edd2b186e056c2d6b24bdebb8f551c89a88c768a23", + "format": 1 + }, + { + "name": "Makefile", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "77424e5d6417f24ffd8e4d00d85e942ba4eaa912129ae01f5f4e26a2e2500d2d", + "format": 1 + }, + { + "name": "test-requirements.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9b72b7289eba420f51eb614c54f609181bb26e96caef2abf06c02339a77d2e08", + "format": 1 + }, + { + "name": "docs", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "docs/index.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "185ddc1721b3221ee5e7120d9d0e3adaa2c155c873a785de928e4a576666d126", + "format": 1 + }, + { + "name": "docs/podman_container_info_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "edb8ac79d7335e63e33af1f64a0b20d704b232889b521e213176af2132cdf641", + "format": 1 + }, + { + "name": "docs/podman_image_info_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3f23f7e10a40ec55e13ea420a0fa83ac0610bdd43c84514a6c1708c9ebf1aa62", + "format": 1 + }, + { + "name": "docs/genindex.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1ec8cab9fc5e738f4f0f78d64cd45e5a79dc740a2e9cb3bc3abdf695826182bb", + "format": 1 + }, + { + "name": "docs/podman_import_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ff204d6cf91daddb150da0f34fbc4bfa28cf84c4f3ed104b55f7b6320b72a507", + "format": 1 + }, + { + "name": "docs/podman_image_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "82972948a66e20a17482602179d6abb9b7f2cc0cea3cd82a5ef1e41735cb075e", + "format": 1 + }, + { + "name": "docs/buildah_connection.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "93ed4e1dbc108b8f150d2cb401e6625ecaf9f0ca562c181a24eacdb261afea0a", + "format": 1 + }, + { + "name": "docs/podman_secret_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "50d7b2b70d923adad42b6ae667fd13833a5bb7440b20033d6db25a5650c5bfce", + "format": 1 + }, + { + "name": "docs/podman_logout_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "31cea0f1d2a99ee5b74a348e2b22351e19e71c0b74c250a69c17619eb93f9399", + "format": 1 + }, + { + "name": "docs/search.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fc191e9241bb8ed264113aa901ad1710ab417f654cba2ee4df18c2f88adb546e", + "format": 1 + }, + { + "name": "docs/podman_tag_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "286f10cd2fbb608af76c93e19f4f8a644679e0b539bbe97c3e04871a27de0beb", + "format": 1 + }, + { + "name": "docs/podman_container_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2effbe440fd15457380d9fa62538b076ec71f34bfcb4230aa090d9ab05c785fd", + "format": 1 + }, + { + "name": "docs/podman_generate_systemd_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9614cb03e529a0daa3f181cd03788c23a236c2d1b8198472c83c1667bfdd6e35", + "format": 1 + }, + { + "name": "docs/podman_login_info_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5180bc765d44dc6395816994f83cd12cd30bf1caf881962529d2741ec971302e", + "format": 1 + }, + { + "name": "docs/podman_pod_info_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e2e58e25cb5373dd3e9fe01da3b1471a9d9fa8f5ca2ee2e3ca4227d710a0f385", + "format": 1 + }, + { + "name": "docs/podman_containers_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e6ed48ef52885c81febd5ee84dda4585a1907cdca3246eb08204e84240bd2168", + "format": 1 + }, + { + "name": "docs/podman_export_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8091049e24f2e429269a073fda43b81e06bd552cf6f5b5cd8edff5c797f0ff01", + "format": 1 + }, + { + "name": "docs/objects.inv", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "871ab2d351de046dfc0d83739444a54bb8b34702c5017616f2e2bcb2237448d4", + "format": 1 + }, + { + "name": "docs/podman_pod_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "58878ee64019153f5ebf9bd5d8e47d8f3ae141c275f318e527ae23b36c7f2369", + "format": 1 + }, + { + "name": "docs/podman_volume_info_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7441ad5b659575e7ec7d3dc89500fd4d29bea2c456c13b5c086b80f24c908c95", + "format": 1 + }, + { + "name": "docs/podman_connection.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "83eee35fb4ee177d2e7d3798a53887d09c1add7c3788db0fb3e3135002d151f0", + "format": 1 + }, + { + "name": "docs/searchindex.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "65795b29053a20d81c47a9f5ccbb3d444758e6e69e56bb79b6d162a660be81fa", + "format": 1 + }, + { + "name": "docs/podman_save_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "351f0fdcecff606697d28aa5da60b2898648f3d9c345fe28ca4e1af0905de0b6", + "format": 1 + }, + { + "name": "docs/_static", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "docs/_static/underscore-1.3.1.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f808f0aa32fbe90fb9c9c846917faff3fdd4e236c284b76c02dd33753dc90177", + "format": 1 + }, + { + "name": "docs/_static/language_data.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d35fde9e52ed4840ec7ed105ddb3302a26eb0f53aa151a9491a2dcce0f5d2534", + "format": 1 + }, + { + "name": "docs/_static/basic.css", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "21cccb74c6cea5f81052a7e3b64e2a61b4e934d396382b9968a836011ab8d332", + "format": 1 + }, + { + "name": "docs/_static/pygments.css", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8e0f0718d231994572a476aac9828c7208632904ad4078e827cbbc536850b154", + "format": 1 + }, + { + "name": "docs/_static/antsibull-minimal.css", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6125dd128e20a65c5ae85d7a10fa9217fa572a19249de5a43cff411d11f367f5", + "format": 1 + }, + { + "name": "docs/_static/alabaster.css", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "67e598979516bfa32eae490cfc05ae76e54632b33ab722610ea0e51a8ae6fc6f", + "format": 1 + }, + { + "name": "docs/_static/documentation_options.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "63ac2f97b3d9aabd7b35be07ba3a9167215166a512964d4190dca09de7c306fe", + "format": 1 + }, + { + "name": "docs/_static/jquery-3.5.1.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37", + "format": 1 + }, + { + "name": "docs/_static/jquery.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e", + "format": 1 + }, + { + "name": "docs/_static/underscore-1.13.1.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cc10f799cd0f6b65f95c4012445497e5ba3cb9f51964a9468940b27bde98b487", + "format": 1 + }, + { + "name": "docs/_static/minus.png", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "47e7fc50db3699f1ca41ce9a2ffa202c00c5d1d5180c55f62ba859b1bd6cc008", + "format": 1 + }, + { + "name": "docs/_static/file.png", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5c4bc9a16aebf38c4b950f59b8e501ca36495328cb9eb622218bce9064a35e3e", + "format": 1 + }, + { + "name": "docs/_static/jquery-3.6.0.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239", + "format": 1 + }, + { + "name": "docs/_static/searchtools.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "306bb4ed7f0208f81bea031e26b9bf893360fe072a1707b04b3097dbed5d58ff", + "format": 1 + }, + { + "name": "docs/_static/custom.css", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "39f23a6561786e3cb4e33e4a96562a1305a8b74c0d45dc215a64018692cd5d4c", + "format": 1 + }, + { + "name": "docs/_static/plus.png", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "54115199b96a130cba02147c47c0deb43dcc9b9f08b5162bba8642b34980ac63", + "format": 1 + }, + { + "name": "docs/_static/doctools.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2985f25f79e5ddcd1ed494ca63fc85f215f79e0cd156e622ce2bf3cf2cd9445f", + "format": 1 + }, + { + "name": "docs/_static/_sphinx_javascript_frameworks_compat.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2f1e30341b31300bdc3af29ee4a64e0f40ed15492345387bb47542d9b9b4813c", + "format": 1 + }, + { + "name": "docs/_static/underscore.js", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "218fb1c1fc72e9af6b866f430be2a67fa376392b4db2f4dbf32772671b6ae55c", + "format": 1 + }, + { + "name": "docs/podman_unshare_become.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "98ad9b1c13eafc87a9182d2b934b33ae431d6607cc5469a5e7b1b496a6bf5c5b", + "format": 1 + }, + { + "name": "docs/.nojekyll", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "docs/podman_network_info_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6a3de5a6848663951e2fedb6b468d9f58133efca85e9765785c7acd4c2f35154", + "format": 1 + }, + { + "name": "docs/podman_volume_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "50ee43177d24a0bdffc49d96633f4a7a3936621796bbd8df2ece02c206d650cc", + "format": 1 + }, + { + "name": "docs/podman_network_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1d708c0671a60a91600fa5f15367b119b0243ca826dc28ccd395054e8b59dd56", + "format": 1 + }, + { + "name": "docs/podman_login_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "887347980d40a3d5b0ebab11bdb2c75ad4b08e4cfc6a6c93d0371c30ceb40289", + "format": 1 + }, + { + "name": "docs/podman_play_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ecfadba6b34d4e86094634e7089287b85122ff2fa1d39b29648aaed545556ab6", + "format": 1 + }, + { + "name": "docs/podman_load_module.html", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2690b66c821e7d62be4b9f3e4efe5b3c60af85266e62579c07658786f0d02ce3", + "format": 1 + }, + { + "name": "plugins", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/become", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/become/podman_unshare.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2dab878a68742976acd46a1310a37e9e0777b1953f86ee31dd9e0a29e9dfc3f3", + "format": 1 + }, + { + "name": "plugins/connection", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/connection/buildah.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2dd2825640c5a1d888fe78dcde28734278e8329dc69af136c70b1bb0fb308208", + "format": 1 + }, + { + "name": "plugins/connection/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "plugins/connection/podman.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fd66ec667402f515bab568f0b6b0f12bde1d122ac58ba86d722c97b12364b3ce", + "format": 1 + }, + { + "name": "plugins/modules", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/modules/podman_container.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5b66aa5232235305842b8d1352d13fc4113f742785e64cd83b15300750b0cb6d", + "format": 1 + }, + { + "name": "plugins/modules/podman_save.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "dfadcbb79040f452444f39d4746e9f8870877c0e16961ddb4c3833e409c3620b", + "format": 1 + }, + { + "name": "plugins/modules/podman_logout.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7cc7da9cf123ffb9180e98f2fe5704f628831d44014efd25c48cedd1c28a9b7c", + "format": 1 + }, + { + "name": "plugins/modules/podman_load.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "96694bda39431f44186d599db567446d72debdf52a4a5c51f5fd66fa515229fc", + "format": 1 + }, + { + "name": "plugins/modules/podman_network_info.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9beb6e0c733ca304f38f95116dfd89569df21a68428039ef59ec9650314c5222", + "format": 1 + }, + { + "name": "plugins/modules/podman_secret.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "28c55a86b5aedc442a0350576feffbbb2e80165a1879997c0f840d62d90de073", + "format": 1 + }, + { + "name": "plugins/modules/podman_containers.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "aa442d06bccf7f0b786e16f8e02ea12673fafbe7e818b24d7ad901034623b897", + "format": 1 + }, + { + "name": "plugins/modules/podman_generate_systemd.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2d6ef5af7ea3d4e72c9d6cdc726adb00118f4210e9b45d26cd72c5ba9818f2b8", + "format": 1 + }, + { + "name": "plugins/modules/podman_image.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d73712ff41ef90113263fd38e69d1aa2f870d4601c8cc7b2d64762a67e1cef2f", + "format": 1 + }, + { + "name": "plugins/modules/podman_volume_info.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "eb8cf9d38d438d24589d547458f4c0ba8341f687eb8a1ded30de1fc0b8933c83", + "format": 1 + }, + { + "name": "plugins/modules/podman_network.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c8284c79c7def1fa1aaa23e64e7ba2803b30b73493046f23b3fe588f2ebf2002", + "format": 1 + }, + { + "name": "plugins/modules/podman_prune.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "edf60cce31f68425b42ee1b59349b3f8bdab30ecde8b4dd1e5d27a11bb0c614f", + "format": 1 + }, + { + "name": "plugins/modules/podman_tag.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f748d6640b2cd18ac2caaf0a9d74917c1f139649df48dd514a11d8a1e7abc7cf", + "format": 1 + }, + { + "name": "plugins/modules/podman_container_info.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "27452b5112988897d7e8320de6d04330eac99cd8309825890fd804259653e073", + "format": 1 + }, + { + "name": "plugins/modules/podman_pod.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "71e72a676932a6088916ee16d8f7e37fd5704c846c1a3020215cadbf60bca940", + "format": 1 + }, + { + "name": "plugins/modules/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "plugins/modules/podman_image_info.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d79ccfb526e599404fcb618d04195f8c7fa8158a7cce1f2d5d592b626a6976e2", + "format": 1 + }, + { + "name": "plugins/modules/podman_pod_info.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "18e5fd6f6142467654af44f458a13c662d3beb2fa7957b137cbc13852cfcb440", + "format": 1 + }, + { + "name": "plugins/modules/podman_login.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "99408ff731f50c595b25692e2c86e717db2cf0b822d4907ec1f40a1f08856e0b", + "format": 1 + }, + { + "name": "plugins/modules/podman_login_info.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e8f615071a379d21b8f012a60c24036c4812239faf8e6aea2be6e5ca21bbcc4f", + "format": 1 + }, + { + "name": "plugins/modules/podman_export.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5ebdcd00955640510cf639b8920511d34ad2d73e6d8f94d40f4a3f14f71e23f7", + "format": 1 + }, + { + "name": "plugins/modules/podman_volume.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7ffb53bbf08b1de02211173a8ad1740d2364c2a391dd763f03e67ffba5649b97", + "format": 1 + }, + { + "name": "plugins/modules/podman_import.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cc21e501407e0506176e0b640da1d669c71d90131873ce71ad29f95ed2301d3c", + "format": 1 + }, + { + "name": "plugins/modules/podman_play.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "56a3fbad4f660316fca29a637b220e9a1e5fb04f1b1f6bee6b8da02a73b5618f", + "format": 1 + }, + { + "name": "plugins/module_utils", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils/podman", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils/podman/podman_container_lib.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "36c7bf9076966092fa3b52ec875075aea5d63c3df27a62f97b2bc669494e1386", + "format": 1 + }, + { + "name": "plugins/module_utils/podman/podman_pod_lib.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "59a8af45ccf3b543b0432ffdc0f19d6d21c9a9721d2068c23193b33135034be9", + "format": 1 + }, + { + "name": "plugins/module_utils/podman/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "plugins/module_utils/podman/common.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1ec29eac71330e749b86528ed940e632503f7493ce065bc2a75457f924fc9301", + "format": 1 + }, + { + "name": "plugins/module_utils/__init__.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "format": 1 + }, + { + "name": "changelogs", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "changelogs/changelog.yaml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7eec5a3e929f818e7edc5a5213ada7646e635ebef41d6faa0c24b131d7b63ee6", + "format": 1 + }, + { + "name": "changelogs/config.yaml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "72cc16b684890f4595ab75ffdd6f80f5ae19bc84cbb2d82606bc840eb7842209", + "format": 1 + }, + { + "name": "SECURITY.md", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b73dc04e41dbb3774a3244e8e40d13eb97d169caa3e1230a622e077d60c1edd9", + "format": 1 + }, + { + "name": "COPYING", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986", + "format": 1 + }, + { + "name": "setup.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "85ef52c56819164efc5178d25aa03a432cdb8431ad0c99255802ce19a1719602", + "format": 1 + }, + { + "name": "CODE-OF-CONDUCT.md", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5b42ff686c8d61fc9879d2512a9fa01f8810a7274318e7952ad3322eeea02f11", + "format": 1 + }, + { + "name": "galaxy.yml.in", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ba21f50b97b7f801dd811f96d4941327fccab34b13311e9bfcc5facfeec16999", + "format": 1 + }, + { + "name": "ansible-collection-containers-podman.spec", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "78cf0e2fef0e96de69fd18ab38b358a03a22a5ce2e0ecafbd149407d6bcafb47", + "format": 1 + }, + { + "name": "setup.cfg", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "df77e31936daa4f2509685b9442e8518931651064d466d9f6e0b597ebf92d6cd", + "format": 1 + } + ], + "format": 1 +} \ No newline at end of file diff --git a/ansible_collections/containers/podman/MANIFEST.json b/ansible_collections/containers/podman/MANIFEST.json new file mode 100644 index 000000000..375557c50 --- /dev/null +++ b/ansible_collections/containers/podman/MANIFEST.json @@ -0,0 +1,35 @@ +{ + "collection_info": { + "namespace": "containers", + "name": "podman", + "version": "1.10.2", + "authors": [ + "Sagi Shnaidman ", + "Ansible team" + ], + "readme": "README.md", + "tags": [ + "containers", + "podman", + "libpod" + ], + "description": "Podman container Ansible modules", + "license": [ + "GPL-3.0-or-later" + ], + "license_file": null, + "dependencies": {}, + "repository": "https://github.com/containers/ansible-podman-collections.git", + "documentation": "https://github.com/containers/ansible-podman-collections", + "homepage": "https://github.com/containers/ansible-podman-collections", + "issues": "https://github.com/containers/ansible-podman-collections/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc" + }, + "file_manifest_file": { + "name": "FILES.json", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6cfa4c09919ad4148a3f047e6205cb019dbb080b11b94a7d4b2b61c6cb0f948f", + "format": 1 + }, + "format": 1 +} \ No newline at end of file diff --git a/ansible_collections/containers/podman/Makefile b/ansible_collections/containers/podman/Makefile new file mode 100644 index 000000000..7dbdd9a6b --- /dev/null +++ b/ansible_collections/containers/podman/Makefile @@ -0,0 +1,15 @@ +PKG_NAME=ansible-podman-collections +TMPINSTALLDIR=/tmp/$(PKG_NAME)-fpm-install +VERSION ?= $(shell python3 setup.py --version 2>/dev/null | sed "s/\([0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/g") + +rpm: + rm -rf $(TMPINSTALLDIR) + mkdir -p ~/rpmbuild/SOURCES/ + mkdir -p $(TMPINSTALLDIR)/$(PKG_NAME)-$(VERSION) + cp -r * $(TMPINSTALLDIR)/$(PKG_NAME)-$(VERSION)/ + tar -zcvf ~/rpmbuild/SOURCES/$(VERSION).tar.gz -C $(TMPINSTALLDIR) $(PKG_NAME)-$(VERSION) + cp ansible-collection-containers-podman.spec ansible-collection-containers-podman-build.spec + sed -i "s/Version:.*/Version: $(VERSION)/g" ansible-collection-containers-podman-build.spec + sed -i "s/Release:.*/Release: 999%{?dist}/g" ansible-collection-containers-podman-build.spec + sed -i "s/^version: .*/version: $(VERSION)/" $(TMPINSTALLDIR)/$(PKG_NAME)-$(VERSION)/galaxy.yml + rpmbuild -bb ansible-collection-containers-podman-build.spec diff --git a/ansible_collections/containers/podman/README.md b/ansible_collections/containers/podman/README.md new file mode 100644 index 000000000..ffc004b77 --- /dev/null +++ b/ansible_collections/containers/podman/README.md @@ -0,0 +1,113 @@ +[![GitHub Actions CI/CD build status — Collection test suite](https://github.com/containers/ansible-podman-collections/workflows/Collection%20build%20and%20tests/badge.svg?branch=master)](https://github.com/containers/ansible-podman-collections/actions?query=workflow%3A%22Collection%20build%20and%20tests) + +# Ansible Collection: containers.podman + +This repo hosts the `containers.podman` Ansible Collection. + +The collection includes the Podman container plugins to help the build and management of Podman containers. + +## Documentation + +For collection versions that are parts of Ansible releases, the documentation can be found on +Ansible docs site: https://docs.ansible.com/ansible/latest/collections/containers/podman + +The latest documentation for current collection version in the repository is hosted on github.io docs +site: https://containers.github.io/ansible-podman-collections. + +## Installation and Usage + +### Installing the Collection from Ansible Galaxy + +Before using the Podman collection, you need to install the collection with the `ansible-galaxy` CLI: + +`ansible-galaxy collection install containers.podman` + +You can also include it in a `requirements.yml` file and install it via +`ansible-galaxy collection install -r requirements.yml` using the format: + +```yaml +collections: +- name: containers.podman +``` + +or clone by your own: + +```bash +mkdir -p ~/.ansible/collections/ansible_collections/containers +git clone https://github.com/containers/ansible-podman-collections.git ~/.ansible/collections/ansible_collections/containers/podman +``` + +### Playbooks + +To use a module from Podman collection, please reference the full namespace, collection name, +and modules name that you want to use: + +```yaml +--- +- name: Using Podman collection + hosts: localhost + tasks: + - name: Run redis container + containers.podman.podman_container: + name: myredis + image: redis + command: redis-server --appendonly yes + state: present + recreate: true + expose: + - 6379 + volumes_from: + - mydata +``` + +Or you can add full namespace and collection name in the `collections` element: + +```yaml +--- +- name: Using Podman collection + hosts: localhost + collections: + - containers.podman + tasks: + - name: Build and push an image using existing credentials + podman_image: + name: nginx + path: /path/to/build/dir + push: true + push_args: + dest: quay.io/acme +``` + +## Contributing + +We are accepting Github pull requests and issues. +There are many ways in which you can participate in the project, for example: + +- Submit bugs and feature requests, and help us verify them +- Submit and review source code changes in Github pull requests +- Add new modules for Podman containers and images + +## Testing and Development + +If you want to develop new content for this collection or improve what is already +here, the easiest way to work on the collection is to clone it into one of the configured +[`COLLECTIONS_PATHS`](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths), +and work on it there. + +### Testing with `ansible-test` + +We use `ansible-test` for sanity. + +## More Information + +TBD + +## Communication + +Please submit Github issues for communication any issues. +You can ask Podman related questions on `#podman` channel of Ansible Podman questions +on `#ansible-podman` channel on Freenode IRC. + +## License + +GPL-3.0-or-later diff --git a/ansible_collections/containers/podman/SECURITY.md b/ansible_collections/containers/podman/SECURITY.md new file mode 100644 index 000000000..aa1f6c18e --- /dev/null +++ b/ansible_collections/containers/podman/SECURITY.md @@ -0,0 +1,4 @@ +## Security and Disclosure Information Policy for the Podman Ansible Collections Project + +The Podman Ansible Collections Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/master/SECURITY.md) for the Containers Projects. + diff --git a/ansible_collections/containers/podman/ansible-collection-containers-podman.spec b/ansible_collections/containers/podman/ansible-collection-containers-podman.spec new file mode 100644 index 000000000..01b1af740 --- /dev/null +++ b/ansible_collections/containers/podman/ansible-collection-containers-podman.spec @@ -0,0 +1,40 @@ +%global collection_namespace containers +%global collection_name podman + +Name: ansible-collection-%{collection_namespace}-%{collection_name} +Version: XXX +Release: 1%{?dist} +Summary: Podman Ansible collection for Podman containers + +License: GPLv3+ +URL: %{ansible_collection_url} +Source: https://github.com/containers/ansible-podman-collections/archive/%{version}.tar.gz + +BuildRequires: (ansible >= 2.9.10 or ansible-core >= 2.11.0) + +BuildArch: noarch + +%description +%{summary}. + +%prep +%autosetup -n ansible-podman-collections-%{version} +sed -i -e 's/version:.*/version: %{version}/' galaxy.yml +find -type f ! -executable -name '*.py' -print -exec sed -i -e '1{\@^#!.*@d}' '{}' + +rm -fvr changelogs/ ci/ contrib/ tests/ ./galaxy.yml.in .github/ .gitignore + +%build +%ansible_collection_build + +%install +%ansible_collection_install + +%files +%license COPYING +%doc README.md +%{ansible_collection_files} + +%changelog + +* Tue Feb 09 2021 Sagi Shnaidman - 1.4.1-1 +- Initial package diff --git a/ansible_collections/containers/podman/changelogs/changelog.yaml b/ansible_collections/containers/podman/changelogs/changelog.yaml new file mode 100644 index 000000000..db29bf897 --- /dev/null +++ b/ansible_collections/containers/podman/changelogs/changelog.yaml @@ -0,0 +1,501 @@ +ancestor: null +releases: + 1.0.0: + changes: + bugfixes: + - buildah_connection - Fix buildah debug output for py2 + - podman_connection - Run pause=false w/o message condition + - podman_container - Add idempotency for user and stop signal + - podman_container - Fix idempotency issues with workdir and volumes + - podman_container - Fix image, healthcheck and other idempotency + - podman_container - Improve idempotency of podman_container in uts, ipc, networks, + cpu_shares + - podman_image - only set changed=true if there is a new image + - podman_image - use correct option for remove_signatures flag + minor_changes: + - buildah_connection - add support of specific user + - buildah_connection - added Buildah connection rootless + - podman_connection - add user flags before container id in podman exec + release_summary: Initial release of collection with new modules + modules: + - description: Manage Podman containers + name: podman_container + namespace: '' + - description: Retrieve information about Podman networks + name: podman_network_info module + namespace: '' + release_date: '2020-05-20' + 1.0.1: + changes: + bugfixes: + - podman_container - Add inspect of image and user idempotency + - podman_image - Add option for tls_verify=false for images + release_summary: Idempotency and images improvements + release_date: '2020-06-01' + 1.0.2: + changes: + bugfixes: + - podman_container - Add idempotency for existing local volumes + release_summary: Idempotency fixes + release_date: '2020-06-05' + 1.0.3: + changes: + minor_changes: + - Relicense under GPLv3 and clean up modules + release_summary: Relicense under GPLv3 and clean up modules + release_date: '2020-06-08' + 1.0.4: + changes: + bugfixes: + - podman_container - Add idempotency for ulimits and tests + - podman_container - Fix idempotency for podman > 2 versions + release_summary: Idempotency and Podman v2 fixes + release_date: '2020-06-29' + 1.0.5: + changes: + bugfixes: + - podman_connection - Add check for empty dir for podman connection mount + - podman_connection - Increase verbosity for mount failure messages + - podman_container - Improve idempotency for volumes with slashesAdd idempotency + for ulimits and tests + - podman_container - Improve ports idempotency and support UDP + release_summary: Idempotency and another bugfixes for podman connection plugin. + release_date: '2020-07-09' + 1.1.0: + changes: + bugfixes: + - podman_container - Fix idempotency for networks and add tests + minor_changes: + - Add podman pod and pod info modules + release_summary: New modules for pods management. + modules: + - description: Manage Podman pods + name: podman_pod + namespace: '' + - description: Retrieve information about Podman pods + name: podman_pod_info + namespace: '' + release_date: '2020-07-19' + 1.1.1: + changes: + bugfixes: + - podman_volume_info - Improve podman volume info tests with new module + minor_changes: + - Create podman_volume module for volumes management + release_summary: New modules for volumes management. + modules: + - description: Manage Podman volumes + name: podman_volume + namespace: '' + release_date: '2020-07-22' + 1.1.2: + changes: + bugfixes: + - podman_connection - Chown file for users when copy them to container + release_summary: Urgent fix for podman connection plugin. + release_date: '2020-07-26' + 1.1.3: + changes: + bugfixes: + - podman_container - Fix idempotency for case with = in env + - podman_container - Fix issue with idempotency uts, ipc with pod + release_summary: Idempotency fixes for podman containers. + release_date: '2020-07-29' + 1.1.4: + changes: + minor_changes: + - Add pip installation for podman collection. + release_summary: Pip install and minor fixes. + release_date: '2020-08-06' + 1.10.0: + changes: + bugfixes: + - Delete systemd files when container/pod is deleted + - Fix example in systemd generate module + - Fix expanduser in path for systemd generation + - Fix idempotency for labels in pods + - Fix podman load module for Podman 4 + - Fix rerunning playbooks with generate_systemd --new + - Improve idempotency for devices mount of rootless podman + - Improve networks idempotency for v4 + - Support passing multiple networks with params + - fix pod running status for older podman versions + - podman_container should ensure image by using os path if rootfs is used + major_changes: + - New become plugin - podman_unshare + - Podman generate systemd module + minor_changes: + - Add --sdnotify option for container + - Add example unittest for container lib + - Add protection for systemd files deletion + - Add unittests for Ansible Podman modules + - Check for gha updates weekly using dependabot + - Fix PEP8 issue in podman_image + - Fix building image with buildah and become + - Fix docs issues in podman_image + - Warning about improperly configured remote target + - add required argument to example + - docs - added simple extra_args example + - generate_systemd - implement --wants, --after and --requires + - podman_image - add file parameter for Containerfile location + release_summary: New modules, become plugin and bugfixes. + release_date: '2022-11-17' + 1.10.1: + changes: + bugfixes: + - podman_systemd_generate - allow empty string for prefixes + - podman_unshare - Fix docs for podman_unshare become plugin + minor_changes: + - Add missed docs for modules + release_summary: Bugfixes and minor docs changes + release_date: '2022-11-22' + 1.10.2: + changes: + bugfixes: + - Add hooks-dir parameter for containers + - Add idempotency for restart-policy for containers + - Add missing options to podman network + - Add more explanation about cmd_args command usage + - Add stdout to podman build and push actions + - Added support for "userns" parameter to "play" module + - CI - fix pip installation of the collection + - CI - fix podman play job for 4.4.x versions + - Change yes/no to true/false in the modules + - Convert str to json format before evaluating length. + - Fix CI for newest Ansible branch 2.16 + - Fix idempotency for pods with uidmap and gidmap + - Fix idempotency lowercase for devices + - Fix network tests for Podman v4 + - Fix podman logout tests for v4 + - Fix pylint issues for CI ansible-test + - Fix undesirable splitting of IPv6 host addresses + - Improved documentation of `podman_generate_systemd` module + - Prepare CI for Podman v3 backward compatibility + - Support SHA256 tag for podman images + - Update podman_image to specify CPU arch when pulling image + - added podman_prune module + - become plugin podman_unshare become_user default + - fix for buildah improper remote target + - for pod kube recreate + - pod - Support passing multiple networks with params + - podman-login - fix FIPS md5 issue and registry requirement + - podman-pod - Fix idempotency for pods in 4.4.x versions + - podman_systemd - Ignore header when comparing systemd files content + release_summary: Bugfixes and docs changes + release_date: '2023-05-31' + 1.2.0: + changes: + minor_changes: + - Add changelog file to collection. + release_summary: Add changelog file. + release_date: '2020-08-17' + 1.3.0: + changes: + bugfixes: + - podman_volume - Fix return data from podman_volume module + minor_changes: + - Create podman_network module for podman networks management + release_summary: New podman_network module and bugfixes + modules: + - description: Manage Podman networks + name: podman_network + namespace: '' + release_date: '2020-09-03' + 1.3.1: + changes: + bugfixes: + - multiple modules - fix diff calculation for lower/upper cases + - podman_container - Add note about containerPort setting + - podman_container - Fix init option it's boolean not string + - podman_container - Remove pyyaml from requirements + - podman_network - Check if dnsname plugin installed for CNI + - podman_volume - Set options for a volume as list and fix idempotency + release_summary: bugfixes + release_date: '2020-10-09' + 1.3.2: + changes: + bugfixes: + - podman_container - Fix signals case for podman_container + release_summary: bugfixes + release_date: '2020-10-20' + 1.4.0: + changes: + bugfixes: + - podman_container - Fix force restart option for containers + - podman_container - Fix idempotency for volume GID and UID + - podman_container - Fix no_hosts idempotency for newer version + - podman_container - Remove 'detach' when creating container + - podman_image - Fix doc defaults for podman_image + - podman_logout - Handle podman logout not logging out when logged in via different + tool + - podman_network - Correct IP range example for podman_network + minor_changes: + - podman_container - Add log level for Podman in module + - podman_container - Add mac_address field to podman_container module + - podman_container - Add strict image compare with hashes + - podman_container - Improve compatibility with docker_container by adding aliases + - podman_container - Move containers logic to module utils + - podman_image - reuse existing results in present() + - podman_network - Add IPv6 to network + - podman_network - Add support of network options like MTU, VLAN + - podman_pod - Move pod logic to separate library + release_summary: New modules and bugfixes, new network options + modules: + - description: Manage multiple Podman containers at once + name: podman_containers + namespace: '' + - description: Get info about Podman logged in registries + name: podman_login_info + namespace: '' + - description: Log out with Podman from registries + name: podman_logout + namespace: '' + release_date: '2020-09-03' + 1.4.1: + changes: + bugfixes: + - podman_container - Convert gidmap to list for podman_container + - podman_container - Convert log-opts to dictionary and idempotent + release_summary: Bugfixes for podman container + release_date: '2020-12-21' + 1.4.2: + changes: + bugfixes: + - documentation - Add docs to Github + - podman_container - Add 'created' state for podman_container + - podman_container - Change default log level for 3+ versions + - podman_container - Convert systemd option to a string + - podman_container - Don't recreate container if env_file is specified + - podman_container - Fix 'cap_add' and 'cap_drop' idempotency + - podman_container - Fix idempotency for multiple ports + - podman_container - Fix slirp4netns options idempotency + - podman_container - Fix uid/gid checks for podman 1.6.4 volumes + - podman_container - Handle slash removals for root volumes mount + - podman_container - Restart container in a simple manner + - podman_container - podman_container_lib - fix command idempotency + - podman_image - Add debug log and podman_actions to podman_image + - podman_image - Don't set default for validate-certs in podman_image + release_summary: Bugfixes for podman container + release_date: '2021-02-14' + 1.4.3: + changes: + bugfixes: + - Add docs generation + - Update documentation + release_summary: Documentation fixes and updates + release_date: '2021-02-14' + 1.4.4: + changes: + bugfixes: + - Attempt graceful stop when recreating container + - Don't calculate image digest in check mode + - Fix internal networks and DNS plugin for v3 + - Fix podman_pod* modules for Podman v3 + - Fixes for podman_container for Podman v3 + release_summary: Fixes for newest version 3 of Podman + release_date: '2021-03-01' + 1.4.5: + changes: + bugfixes: + - Add IPv6 support for publishing ports + - Add sigrtmin+3 signal (required for systemd containers) + - Add support for Podman Pod restart + - Convert IPv6 to shorten form + - Fix error with images info where no images + - Fix idempotency for rootless networks from v3 + - Fix no_log for newer ansible-test + - Fix uppercase labels idempotency issue + - Stop pods without recreating them + release_summary: Additional fixes for newest version 3 of Podman + release_date: '2021-04-02' + 1.5.0: + changes: + minor_changes: + - Podman login module + release_summary: New module - Podman login + modules: + - description: Login to a container registry using podman + name: podman_login + namespace: '' + release_date: '2021-04-05' + 1.6.0: + changes: + bugfixes: + - Fix ansible-test issues for CI + - Fix idempotency for environment + - Fix ipv6=false issue + - Fix multi-containers options + - Fix overlayfs issue in CI for buildah connection + minor_changes: + - Add Ansible 2.11 to all tests and use Ubuntu 20.04 + - Add Ansible 2.11 to testing + - Add RPM building scripts + - Add support for timezones in containers + release_summary: New module podman_play for playing Kubernetes YAML and bugfixes + modules: + - description: Play Kubernetes YAML files with Podman + name: podman_play + namespace: '' + release_date: '2021-06-03' + 1.6.1: + changes: + bugfixes: + - Fix failure when listing containers + release_summary: Bugfix for podman_container_info + release_date: '2021-06-08' + 1.6.2: + changes: + bugfixes: + - Add meta/runtime.yml which is required for Galaxy now + - Avoid exposing pipelining support for podman connections + - Change present state to be as created state + - Disable no-hosts idempotency + - Fix idempotency with systemd podman files + - Remove idempotency for volume UID/GID + release_summary: Bugfixes for idempotency and pipelining + release_date: '2021-08-02' + 1.7.0: + changes: + minor_changes: + - Podman secret module + release_summary: New module - Podman secret + modules: + - description: Manage podman secrets + name: podman_secret + namespace: '' + release_date: '2021-08-15' + 1.7.1: + changes: + bugfixes: + - Add support for podman pod create --infra-name + - Fix idempotency when containers have a common network + - Remove idempotency leftovers of volumes GID,UID + release_summary: Bugfixes and new features + release_date: '2021-09-01' + 1.8.0: + changes: + major_changes: + - Add systemd generation for pods + - Generate systemd service files for containers + release_summary: New modules for images and containers + modules: + - description: Export a podman container to tar file + name: podman_export + namespace: '' + - description: Import Podman container from a tar file + name: podman_import + namespace: '' + - description: Load image from a tar file + name: podman_load + namespace: '' + - description: Saves podman image to tar file + name: podman_save + namespace: '' + release_date: '2021-09-17' + 1.8.1: + changes: + bugfixes: + - Add .service extension to systemd files + - Add aliases for image load/save + - Change python version for ansible-core to 3.9 + - Fix suboption key in podman_container/podman_pod for generate_systemd documentation + release_summary: Fixes for systemd units generation + release_date: '2021-09-24' + 1.8.2: + changes: + bugfixes: + - Add option for ansible-core in RPM spec file + - Add skip option for podman secret + - Add support for network-alias flag + - Allow to actually pass a list of string for "mounts" + - Don't add newlines to secrets + - Fix issue with podman and exposed ports + - Fix signal diff for truncated and RT signal names + - Support empty stings in prefixes + - Update error message when pull set to false + release_summary: Fixes for various modules + release_date: '2021-11-09' + 1.8.3: + changes: + bugfixes: + - Add documentations for generate_systemd + - Hardcode RT signal numbers + - Remove default value of log-driver + - Support --new in generate_systemd + release_summary: Bugfixes + release_date: '2021-11-25' + 1.9.0: + changes: + bugfixes: + - Don't include shared 'net' if network is host in pods + major_changes: + - Add podman_tag module + - Add secrets driver and driver opts support + minor_changes: + - Add a second example to podman_pod_module.html + release_summary: New podman_tag module and fixes + modules: + - description: Add an additional name to a local image + name: podman_tag + namespace: '' + release_date: '2021-12-05' + 1.9.1: + changes: + bugfixes: + - Fix podman_pod_lib behavior for ports published to multiple IPs + - Handle tlsverify correctly in podman_login + - Update secrets description and add test with secret opts + minor_changes: + - Add new options for pod module + - Use yaml syntax highlighting where appropriate + release_summary: Bugfixes and new options for Pods + release_date: '2022-01-13' + 1.9.2: + changes: + bugfixes: + - Add slirp4netns idempotency for pods + - Fix MAC address detection in created container + - Fix check for read-only change of root image in podman_container module + - Fix error with exitcommand for Podman v4 + - Fix issue when missing plugins entry in podman_network module + - Fix new requirements for plugins documentation + - Fix podman collection for Podman version 4 + - Fix tests for podman_container module + - Strip slashes from volumes + minor_changes: + - Add requires option to podman_container module + release_summary: Bugfixes and new requires option for podman_container + release_date: '2022-03-21' + 1.9.3: + changes: + bugfixes: + - Remove idempotency for log level + minor_changes: + - Fix sanity issues with a new Ansible version + release_summary: Bugfixes and minor changes + release_date: '2022-03-29' + 1.9.4: + changes: + bugfixes: + - connection_podman - Add missing docstring for method that executes the podman + commands + - podman_container - Change IpcMode default to shareable + - podman_container - Disable memory idempotency + - podman_container - Fix typo in the documentation + - podman_image - Update `podman_image` to remove image with image id + - podman_load - Loop over image names when multiple images present in archive + - podman_login - Fix idempotency for podman_login + - podman_network - Allow specify podman_network options MTU and VLAN separately + - podman_network - Fix internal networks idempotency + - podman_play - Fix play_kube not working when yaml not installed on target + - podman_play - Pass errors as a string instead of list + - podman_pod - Change network attribute from str to list in pods + - podman_pod - Fix pod network idempotency + - podman_pod - Fix pod tests in CI + - podman_pod - Fix pods list retrieve + minor_changes: + - Remove distutils as deprecated + - Run CI on Ubuntu 22.04 + - Use 2.13 Ansible version in CI jobs instead of 2.11 + release_summary: Bugfixes and minor changes + release_date: '2022-07-04' diff --git a/ansible_collections/containers/podman/changelogs/config.yaml b/ansible_collections/containers/podman/changelogs/config.yaml new file mode 100644 index 000000000..39c40f1e6 --- /dev/null +++ b/ansible_collections/containers/podman/changelogs/config.yaml @@ -0,0 +1,31 @@ +changelog_filename_template: ../CHANGELOG.rst +changelog_filename_version_depth: 0 +changes_file: changelog.yaml +changes_format: combined +ignore_other_fragment_extensions: true +keep_fragments: false +mention_ancestor: true +new_plugins_after_name: removed_features +notesdir: fragments +prelude_section_name: release_summary +prelude_section_title: Release Summary +sections: +- - major_changes + - Major Changes +- - minor_changes + - Minor Changes +- - breaking_changes + - Breaking Changes / Porting Guide +- - deprecated_features + - Deprecated Features +- - removed_features + - Removed Features (previously deprecated) +- - security_fixes + - Security Fixes +- - bugfixes + - Bugfixes +- - known_issues + - Known Issues +title: Ansible Podman modules and plugins +trivial_section_name: trivial +use_fqcn: true diff --git a/ansible_collections/containers/podman/docs/.nojekyll b/ansible_collections/containers/podman/docs/.nojekyll new file mode 100644 index 000000000..e69de29bb diff --git a/ansible_collections/containers/podman/docs/_static/_sphinx_javascript_frameworks_compat.js b/ansible_collections/containers/podman/docs/_static/_sphinx_javascript_frameworks_compat.js new file mode 100644 index 000000000..8549469dc --- /dev/null +++ b/ansible_collections/containers/podman/docs/_static/_sphinx_javascript_frameworks_compat.js @@ -0,0 +1,134 @@ +/* + * _sphinx_javascript_frameworks_compat.js + * ~~~~~~~~~~ + * + * Compatability shim for jQuery and underscores.js. + * + * WILL BE REMOVED IN Sphinx 6.0 + * xref RemovedInSphinx60Warning + * + */ + +/** + * select a different prefix for underscore + */ +$u = _.noConflict(); + + +/** + * small helper function to urldecode strings + * + * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL + */ +jQuery.urldecode = function(x) { + if (!x) { + return x + } + return decodeURIComponent(x.replace(/\+/g, ' ')); +}; + +/** + * small helper function to urlencode strings + */ +jQuery.urlencode = encodeURIComponent; + +/** + * This function returns the parsed url parameters of the + * current request. Multiple values per key are supported, + * it will always return arrays of strings for the value parts. + */ +jQuery.getQueryParameters = function(s) { + if (typeof s === 'undefined') + s = document.location.search; + var parts = s.substr(s.indexOf('?') + 1).split('&'); + var result = {}; + for (var i = 0; i < parts.length; i++) { + var tmp = parts[i].split('=', 2); + var key = jQuery.urldecode(tmp[0]); + var value = jQuery.urldecode(tmp[1]); + if (key in result) + result[key].push(value); + else + result[key] = [value]; + } + return result; +}; + +/** + * highlight a given string on a jquery object by wrapping it in + * span elements with the given class name. + */ +jQuery.fn.highlightText = function(text, className) { + function highlight(node, addItems) { + if (node.nodeType === 3) { + var val = node.nodeValue; + var pos = val.toLowerCase().indexOf(text); + if (pos >= 0 && + !jQuery(node.parentNode).hasClass(className) && + !jQuery(node.parentNode).hasClass("nohighlight")) { + var span; + var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg"); + if (isInSVG) { + span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); + } else { + span = document.createElement("span"); + span.className = className; + } + span.appendChild(document.createTextNode(val.substr(pos, text.length))); + node.parentNode.insertBefore(span, node.parentNode.insertBefore( + document.createTextNode(val.substr(pos + text.length)), + node.nextSibling)); + node.nodeValue = val.substr(0, pos); + if (isInSVG) { + var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect"); + var bbox = node.parentElement.getBBox(); + rect.x.baseVal.value = bbox.x; + rect.y.baseVal.value = bbox.y; + rect.width.baseVal.value = bbox.width; + rect.height.baseVal.value = bbox.height; + rect.setAttribute('class', className); + addItems.push({ + "parent": node.parentNode, + "target": rect}); + } + } + } + else if (!jQuery(node).is("button, select, textarea")) { + jQuery.each(node.childNodes, function() { + highlight(this, addItems); + }); + } + } + var addItems = []; + var result = this.each(function() { + highlight(this, addItems); + }); + for (var i = 0; i < addItems.length; ++i) { + jQuery(addItems[i].parent).before(addItems[i].target); + } + return result; +}; + +/* + * backward compatibility for jQuery.browser + * This will be supported until firefox bug is fixed. + */ +if (!jQuery.browser) { + jQuery.uaMatch = function(ua) { + ua = ua.toLowerCase(); + + var match = /(chrome)[ \/]([\w.]+)/.exec(ua) || + /(webkit)[ \/]([\w.]+)/.exec(ua) || + /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) || + /(msie) ([\w.]+)/.exec(ua) || + ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) || + []; + + return { + browser: match[ 1 ] || "", + version: match[ 2 ] || "0" + }; + }; + jQuery.browser = {}; + jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true; +} diff --git a/ansible_collections/containers/podman/docs/_static/alabaster.css b/ansible_collections/containers/podman/docs/_static/alabaster.css new file mode 100644 index 000000000..0eddaeb07 --- /dev/null +++ b/ansible_collections/containers/podman/docs/_static/alabaster.css @@ -0,0 +1,701 @@ +@import url("basic.css"); + +/* -- page layout ----------------------------------------------------------- */ + +body { + font-family: Georgia, serif; + font-size: 17px; + background-color: #fff; + color: #000; + margin: 0; + padding: 0; +} + + +div.document { + width: 940px; + margin: 30px auto 0 auto; +} + +div.documentwrapper { + float: left; + width: 100%; +} + +div.bodywrapper { + margin: 0 0 0 220px; +} + +div.sphinxsidebar { + width: 220px; + font-size: 14px; + line-height: 1.5; +} + +hr { + border: 1px solid #B1B4B6; +} + +div.body { + background-color: #fff; + color: #3E4349; + padding: 0 30px 0 30px; +} + +div.body > .section { + text-align: left; +} + +div.footer { + width: 940px; + margin: 20px auto 30px auto; + font-size: 14px; + color: #888; + text-align: right; +} + +div.footer a { + color: #888; +} + +p.caption { + font-family: inherit; + font-size: inherit; +} + + +div.relations { + display: none; +} + + +div.sphinxsidebar a { + color: #444; + text-decoration: none; + border-bottom: 1px dotted #999; +} + +div.sphinxsidebar a:hover { + border-bottom: 1px solid #999; +} + +div.sphinxsidebarwrapper { + padding: 18px 10px; +} + +div.sphinxsidebarwrapper p.logo { + padding: 0; + margin: -10px 0 0 0px; + text-align: center; +} + +div.sphinxsidebarwrapper h1.logo { + margin-top: -10px; + text-align: center; + margin-bottom: 5px; + text-align: left; +} + +div.sphinxsidebarwrapper h1.logo-name { + margin-top: 0px; +} + +div.sphinxsidebarwrapper p.blurb { + margin-top: 0; + font-style: normal; +} + +div.sphinxsidebar h3, +div.sphinxsidebar h4 { + font-family: Georgia, serif; + color: #444; + font-size: 24px; + font-weight: normal; + margin: 0 0 5px 0; + padding: 0; +} + +div.sphinxsidebar h4 { + font-size: 20px; +} + +div.sphinxsidebar h3 a { + color: #444; +} + +div.sphinxsidebar p.logo a, +div.sphinxsidebar h3 a, +div.sphinxsidebar p.logo a:hover, +div.sphinxsidebar h3 a:hover { + border: none; +} + +div.sphinxsidebar p { + color: #555; + margin: 10px 0; +} + +div.sphinxsidebar ul { + margin: 10px 0; + padding: 0; + color: #000; +} + +div.sphinxsidebar ul li.toctree-l1 > a { + font-size: 120%; +} + +div.sphinxsidebar ul li.toctree-l2 > a { + font-size: 110%; +} + +div.sphinxsidebar input { + border: 1px solid #CCC; + font-family: Georgia, serif; + font-size: 1em; +} + +div.sphinxsidebar hr { + border: none; + height: 1px; + color: #AAA; + background: #AAA; + + text-align: left; + margin-left: 0; + width: 50%; +} + +div.sphinxsidebar .badge { + border-bottom: none; +} + +div.sphinxsidebar .badge:hover { + border-bottom: none; +} + +/* To address an issue with donation coming after search */ +div.sphinxsidebar h3.donation { + margin-top: 10px; +} + +/* -- body styles ----------------------------------------------------------- */ + +a { + color: #004B6B; + text-decoration: underline; +} + +a:hover { + color: #6D4100; + text-decoration: underline; +} + +div.body h1, +div.body h2, +div.body h3, +div.body h4, +div.body h5, +div.body h6 { + font-family: Georgia, serif; + font-weight: normal; + margin: 30px 0px 10px 0px; + padding: 0; +} + +div.body h1 { margin-top: 0; padding-top: 0; font-size: 240%; } +div.body h2 { font-size: 180%; } +div.body h3 { font-size: 150%; } +div.body h4 { font-size: 130%; } +div.body h5 { font-size: 100%; } +div.body h6 { font-size: 100%; } + +a.headerlink { + color: #DDD; + padding: 0 4px; + text-decoration: none; +} + +a.headerlink:hover { + color: #444; + background: #EAEAEA; +} + +div.body p, div.body dd, div.body li { + line-height: 1.4em; +} + +div.admonition { + margin: 20px 0px; + padding: 10px 30px; + background-color: #EEE; + border: 1px solid #CCC; +} + +div.admonition tt.xref, div.admonition code.xref, div.admonition a tt { + background-color: #FBFBFB; + border-bottom: 1px solid #fafafa; +} + +div.admonition p.admonition-title { + font-family: Georgia, serif; + font-weight: normal; + font-size: 24px; + margin: 0 0 10px 0; + padding: 0; + line-height: 1; +} + +div.admonition p.last { + margin-bottom: 0; +} + +div.highlight { + background-color: #fff; +} + +dt:target, .highlight { + background: #FAF3E8; +} + +div.warning { + background-color: #FCC; + border: 1px solid #FAA; +} + +div.danger { + background-color: #FCC; + border: 1px solid #FAA; + -moz-box-shadow: 2px 2px 4px #D52C2C; + -webkit-box-shadow: 2px 2px 4px #D52C2C; + box-shadow: 2px 2px 4px #D52C2C; +} + +div.error { + background-color: #FCC; + border: 1px solid #FAA; + -moz-box-shadow: 2px 2px 4px #D52C2C; + -webkit-box-shadow: 2px 2px 4px #D52C2C; + box-shadow: 2px 2px 4px #D52C2C; +} + +div.caution { + background-color: #FCC; + border: 1px solid #FAA; +} + +div.attention { + background-color: #FCC; + border: 1px solid #FAA; +} + +div.important { + background-color: #EEE; + border: 1px solid #CCC; +} + +div.note { + background-color: #EEE; + border: 1px solid #CCC; +} + +div.tip { + background-color: #EEE; + border: 1px solid #CCC; +} + +div.hint { + background-color: #EEE; + border: 1px solid #CCC; +} + +div.seealso { + background-color: #EEE; + border: 1px solid #CCC; +} + +div.topic { + background-color: #EEE; +} + +p.admonition-title { + display: inline; +} + +p.admonition-title:after { + content: ":"; +} + +pre, tt, code { + font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace; + font-size: 0.9em; +} + +.hll { + background-color: #FFC; + margin: 0 -12px; + padding: 0 12px; + display: block; +} + +img.screenshot { +} + +tt.descname, tt.descclassname, code.descname, code.descclassname { + font-size: 0.95em; +} + +tt.descname, code.descname { + padding-right: 0.08em; +} + +img.screenshot { + -moz-box-shadow: 2px 2px 4px #EEE; + -webkit-box-shadow: 2px 2px 4px #EEE; + box-shadow: 2px 2px 4px #EEE; +} + +table.docutils { + border: 1px solid #888; + -moz-box-shadow: 2px 2px 4px #EEE; + -webkit-box-shadow: 2px 2px 4px #EEE; + box-shadow: 2px 2px 4px #EEE; +} + +table.docutils td, table.docutils th { + border: 1px solid #888; + padding: 0.25em 0.7em; +} + +table.field-list, table.footnote { + border: none; + -moz-box-shadow: none; + -webkit-box-shadow: none; + box-shadow: none; +} + +table.footnote { + margin: 15px 0; + width: 100%; + border: 1px solid #EEE; + background: #FDFDFD; + font-size: 0.9em; +} + +table.footnote + table.footnote { + margin-top: -15px; + border-top: none; +} + +table.field-list th { + padding: 0 0.8em 0 0; +} + +table.field-list td { + padding: 0; +} + +table.field-list p { + margin-bottom: 0.8em; +} + +/* Cloned from + * https://github.com/sphinx-doc/sphinx/commit/ef60dbfce09286b20b7385333d63a60321784e68 + */ +.field-name { + -moz-hyphens: manual; + -ms-hyphens: manual; + -webkit-hyphens: manual; + hyphens: manual; +} + +table.footnote td.label { + width: .1px; + padding: 0.3em 0 0.3em 0.5em; +} + +table.footnote td { + padding: 0.3em 0.5em; +} + +dl { + margin: 0; + padding: 0; +} + +dl dd { + margin-left: 30px; +} + +blockquote { + margin: 0 0 0 30px; + padding: 0; +} + +ul, ol { + /* Matches the 30px from the narrow-screen "li > ul" selector below */ + margin: 10px 0 10px 30px; + padding: 0; +} + +pre { + background: #EEE; + padding: 7px 30px; + margin: 15px 0px; + line-height: 1.3em; +} + +div.viewcode-block:target { + background: #ffd; +} + +dl pre, blockquote pre, li pre { + margin-left: 0; + padding-left: 30px; +} + +tt, code { + background-color: #ecf0f3; + color: #222; + /* padding: 1px 2px; */ +} + +tt.xref, code.xref, a tt { + background-color: #FBFBFB; + border-bottom: 1px solid #fff; +} + +a.reference { + text-decoration: none; + border-bottom: 1px dotted #004B6B; +} + +/* Don't put an underline on images */ +a.image-reference, a.image-reference:hover { + border-bottom: none; +} + +a.reference:hover { + border-bottom: 1px solid #6D4100; +} + +a.footnote-reference { + text-decoration: none; + font-size: 0.7em; + vertical-align: top; + border-bottom: 1px dotted #004B6B; +} + +a.footnote-reference:hover { + border-bottom: 1px solid #6D4100; +} + +a:hover tt, a:hover code { + background: #EEE; +} + + +@media screen and (max-width: 870px) { + + div.sphinxsidebar { + display: none; + } + + div.document { + width: 100%; + + } + + div.documentwrapper { + margin-left: 0; + margin-top: 0; + margin-right: 0; + margin-bottom: 0; + } + + div.bodywrapper { + margin-top: 0; + margin-right: 0; + margin-bottom: 0; + margin-left: 0; + } + + ul { + margin-left: 0; + } + + li > ul { + /* Matches the 30px from the "ul, ol" selector above */ + margin-left: 30px; + } + + .document { + width: auto; + } + + .footer { + width: auto; + } + + .bodywrapper { + margin: 0; + } + + .footer { + width: auto; + } + + .github { + display: none; + } + + + +} + + + +@media screen and (max-width: 875px) { + + body { + margin: 0; + padding: 20px 30px; + } + + div.documentwrapper { + float: none; + background: #fff; + } + + div.sphinxsidebar { + display: block; + float: none; + width: 102.5%; + margin: 50px -30px -20px -30px; + padding: 10px 20px; + background: #333; + color: #FFF; + } + + div.sphinxsidebar h3, div.sphinxsidebar h4, div.sphinxsidebar p, + div.sphinxsidebar h3 a { + color: #fff; + } + + div.sphinxsidebar a { + color: #AAA; + } + + div.sphinxsidebar p.logo { + display: none; + } + + div.document { + width: 100%; + margin: 0; + } + + div.footer { + display: none; + } + + div.bodywrapper { + margin: 0; + } + + div.body { + min-height: 0; + padding: 0; + } + + .rtd_doc_footer { + display: none; + } + + .document { + width: auto; + } + + .footer { + width: auto; + } + + .footer { + width: auto; + } + + .github { + display: none; + } +} + + +/* misc. */ + +.revsys-inline { + display: none!important; +} + +/* Make nested-list/multi-paragraph items look better in Releases changelog + * pages. Without this, docutils' magical list fuckery causes inconsistent + * formatting between different release sub-lists. + */ +div#changelog > div.section > ul > li > p:only-child { + margin-bottom: 0; +} + +/* Hide fugly table cell borders in ..bibliography:: directive output */ +table.docutils.citation, table.docutils.citation td, table.docutils.citation th { + border: none; + /* Below needed in some edge cases; if not applied, bottom shadows appear */ + -moz-box-shadow: none; + -webkit-box-shadow: none; + box-shadow: none; +} + + +/* relbar */ + +.related { + line-height: 30px; + width: 100%; + font-size: 0.9rem; +} + +.related.top { + border-bottom: 1px solid #EEE; + margin-bottom: 20px; +} + +.related.bottom { + border-top: 1px solid #EEE; +} + +.related ul { + padding: 0; + margin: 0; + list-style: none; +} + +.related li { + display: inline; +} + +nav#rellinks { + float: right; +} + +nav#rellinks li+li:before { + content: "|"; +} + +nav#breadcrumbs li+li:before { + content: "\00BB"; +} + +/* Hide certain items when printing */ +@media print { + div.related { + display: none; + } +} \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/_static/antsibull-minimal.css b/ansible_collections/containers/podman/docs/_static/antsibull-minimal.css new file mode 100644 index 000000000..6f2872704 --- /dev/null +++ b/ansible_collections/containers/podman/docs/_static/antsibull-minimal.css @@ -0,0 +1,2 @@ +@charset "UTF-8"; +/* Copyright (c) Ansible and contributors */table.documentation-table{border-bottom:1px solid #000;border-right:1px solid #000}table.documentation-table td,table.documentation-table th{padding:4px;border-left:1px solid #000;border-top:1px solid #000}table.documentation-table td.elbow-placeholder{border-left:1px solid #000;border-top:0;width:30px;min-width:30px}table.documentation-table td{vertical-align:top}table.documentation-table td:first-child{white-space:nowrap}table.documentation-table .value-type{font-size:x-small;color:purple;display:inline}table.documentation-table .value-separator{font-size:x-small;display:inline}table.documentation-table .value-required{font-size:x-small;color:red;display:inline}table.documentation-table tr .ansibleOptionLink{display:inline-block;visibility:hidden}table.documentation-table tr .ansibleOptionLink:after{content:"🔗"}table.documentation-table tr:hover .ansibleOptionLink:after{visibility:visible} \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/_static/basic.css b/ansible_collections/containers/podman/docs/_static/basic.css new file mode 100644 index 000000000..7d5974c32 --- /dev/null +++ b/ansible_collections/containers/podman/docs/_static/basic.css @@ -0,0 +1,928 @@ +/* + * basic.css + * ~~~~~~~~~ + * + * Sphinx stylesheet -- basic theme. + * + * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ + +/* -- main layout ----------------------------------------------------------- */ + +div.clearer { + clear: both; +} + +div.section::after { + display: block; + content: ''; + clear: left; +} + +/* -- relbar ---------------------------------------------------------------- */ + +div.related { + width: 100%; + font-size: 90%; +} + +div.related h3 { + display: none; +} + +div.related ul { + margin: 0; + padding: 0 0 0 10px; + list-style: none; +} + +div.related li { + display: inline; +} + +div.related li.right { + float: right; + margin-right: 5px; +} + +/* -- sidebar --------------------------------------------------------------- */ + +div.sphinxsidebarwrapper { + padding: 10px 5px 0 10px; +} + +div.sphinxsidebar { + float: left; + width: 230px; + margin-left: -100%; + font-size: 90%; + word-wrap: break-word; + overflow-wrap : break-word; +} + +div.sphinxsidebar ul { + list-style: none; +} + +div.sphinxsidebar ul ul, +div.sphinxsidebar ul.want-points { + margin-left: 20px; + list-style: square; +} + +div.sphinxsidebar ul ul { + margin-top: 0; + margin-bottom: 0; +} + +div.sphinxsidebar form { + margin-top: 10px; +} + +div.sphinxsidebar input { + border: 1px solid #98dbcc; + font-family: sans-serif; + font-size: 1em; +} + +div.sphinxsidebar #searchbox form.search { + overflow: hidden; +} + +div.sphinxsidebar #searchbox input[type="text"] { + float: left; + width: 80%; + padding: 0.25em; + box-sizing: border-box; +} + +div.sphinxsidebar #searchbox input[type="submit"] { + float: left; + width: 20%; + border-left: none; + padding: 0.25em; + box-sizing: border-box; +} + + +img { + border: 0; + max-width: 100%; +} + +/* -- search page ----------------------------------------------------------- */ + +ul.search { + margin: 10px 0 0 20px; + padding: 0; +} + +ul.search li { + padding: 5px 0 5px 20px; + background-image: url(file.png); + background-repeat: no-repeat; + background-position: 0 7px; +} + +ul.search li a { + font-weight: bold; +} + +ul.search li p.context { + color: #888; + margin: 2px 0 0 30px; + text-align: left; +} + +ul.keywordmatches li.goodmatch a { + font-weight: bold; +} + +/* -- index page ------------------------------------------------------------ */ + +table.contentstable { + width: 90%; + margin-left: auto; + margin-right: auto; +} + +table.contentstable p.biglink { + line-height: 150%; +} + +a.biglink { + font-size: 1.3em; +} + +span.linkdescr { + font-style: italic; + padding-top: 5px; + font-size: 90%; +} + +/* -- general index --------------------------------------------------------- */ + +table.indextable { + width: 100%; +} + +table.indextable td { + text-align: left; + vertical-align: top; +} + +table.indextable ul { + margin-top: 0; + margin-bottom: 0; + list-style-type: none; +} + +table.indextable > tbody > tr > td > ul { + padding-left: 0em; +} + +table.indextable tr.pcap { + height: 10px; +} + +table.indextable tr.cap { + margin-top: 10px; + background-color: #f2f2f2; +} + +img.toggler { + margin-right: 3px; + margin-top: 3px; + cursor: pointer; +} + +div.modindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +div.genindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +/* -- domain module index --------------------------------------------------- */ + +table.modindextable td { + padding: 2px; + border-collapse: collapse; +} + +/* -- general body styles --------------------------------------------------- */ + +div.body { + min-width: 360px; + max-width: 800px; +} + +div.body p, div.body dd, div.body li, div.body blockquote { + -moz-hyphens: auto; + -ms-hyphens: auto; + -webkit-hyphens: auto; + hyphens: auto; +} + +a.headerlink { + visibility: hidden; +} +a.brackets:before, +span.brackets > a:before{ + content: "["; +} + +a.brackets:after, +span.brackets > a:after { + content: "]"; +} + + +h1:hover > a.headerlink, +h2:hover > a.headerlink, +h3:hover > a.headerlink, +h4:hover > a.headerlink, +h5:hover > a.headerlink, +h6:hover > a.headerlink, +dt:hover > a.headerlink, +caption:hover > a.headerlink, +p.caption:hover > a.headerlink, +div.code-block-caption:hover > a.headerlink { + visibility: visible; +} + +div.body p.caption { + text-align: inherit; +} + +div.body td { + text-align: left; +} + +.first { + margin-top: 0 !important; +} + +p.rubric { + margin-top: 30px; + font-weight: bold; +} + +img.align-left, figure.align-left, .figure.align-left, object.align-left { + clear: left; + float: left; + margin-right: 1em; +} + +img.align-right, figure.align-right, .figure.align-right, object.align-right { + clear: right; + float: right; + margin-left: 1em; +} + +img.align-center, figure.align-center, .figure.align-center, object.align-center { + display: block; + margin-left: auto; + margin-right: auto; +} + +img.align-default, figure.align-default, .figure.align-default { + display: block; + margin-left: auto; + margin-right: auto; +} + +.align-left { + text-align: left; +} + +.align-center { + text-align: center; +} + +.align-default { + text-align: center; +} + +.align-right { + text-align: right; +} + +/* -- sidebars -------------------------------------------------------------- */ + +div.sidebar, +aside.sidebar { + margin: 0 0 0.5em 1em; + border: 1px solid #ddb; + padding: 7px; + background-color: #ffe; + width: 40%; + float: right; + clear: right; + overflow-x: auto; +} + +p.sidebar-title { + font-weight: bold; +} +div.admonition, div.topic, blockquote { + clear: left; +} + +/* -- topics ---------------------------------------------------------------- */ +div.topic { + border: 1px solid #ccc; + padding: 7px; + margin: 10px 0 10px 0; +} + +p.topic-title { + font-size: 1.1em; + font-weight: bold; + margin-top: 10px; +} + +/* -- admonitions ----------------------------------------------------------- */ + +div.admonition { + margin-top: 10px; + margin-bottom: 10px; + padding: 7px; +} + +div.admonition dt { + font-weight: bold; +} + +p.admonition-title { + margin: 0px 10px 5px 0px; + font-weight: bold; +} + +div.body p.centered { + text-align: center; + margin-top: 25px; +} + +/* -- content of sidebars/topics/admonitions -------------------------------- */ + +div.sidebar > :last-child, +aside.sidebar > :last-child, +div.topic > :last-child, +div.admonition > :last-child { + margin-bottom: 0; +} + +div.sidebar::after, +aside.sidebar::after, +div.topic::after, +div.admonition::after, +blockquote::after { + display: block; + content: ''; + clear: both; +} + +/* -- tables ---------------------------------------------------------------- */ + +table.docutils { + margin-top: 10px; + margin-bottom: 10px; + border: 0; + border-collapse: collapse; +} + +table.align-center { + margin-left: auto; + margin-right: auto; +} + +table.align-default { + margin-left: auto; + margin-right: auto; +} + +table caption span.caption-number { + font-style: italic; +} + +table caption span.caption-text { +} + +table.docutils td, table.docutils th { + padding: 1px 8px 1px 5px; + border-top: 0; + border-left: 0; + border-right: 0; + border-bottom: 1px solid #aaa; +} + +th { + text-align: left; + padding-right: 5px; +} + +table.citation { + border-left: solid 1px gray; + margin-left: 1px; +} + +table.citation td { + border-bottom: none; +} + +th > :first-child, +td > :first-child { + margin-top: 0px; +} + +th > :last-child, +td > :last-child { + margin-bottom: 0px; +} + +/* -- figures --------------------------------------------------------------- */ + +div.figure, figure { + margin: 0.5em; + padding: 0.5em; +} + +div.figure p.caption, figcaption { + padding: 0.3em; +} + +div.figure p.caption span.caption-number, +figcaption span.caption-number { + font-style: italic; +} + +div.figure p.caption span.caption-text, +figcaption span.caption-text { +} + +/* -- field list styles ----------------------------------------------------- */ + +table.field-list td, table.field-list th { + border: 0 !important; +} + +.field-list ul { + margin: 0; + padding-left: 1em; +} + +.field-list p { + margin: 0; +} + +.field-name { + -moz-hyphens: manual; + -ms-hyphens: manual; + -webkit-hyphens: manual; + hyphens: manual; +} + +/* -- hlist styles ---------------------------------------------------------- */ + +table.hlist { + margin: 1em 0; +} + +table.hlist td { + vertical-align: top; +} + +/* -- object description styles --------------------------------------------- */ + +.sig { + font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace; +} + +.sig-name, code.descname { + background-color: transparent; + font-weight: bold; +} + +.sig-name { + font-size: 1.1em; +} + +code.descname { + font-size: 1.2em; +} + +.sig-prename, code.descclassname { + background-color: transparent; +} + +.optional { + font-size: 1.3em; +} + +.sig-paren { + font-size: larger; +} + +.sig-param.n { + font-style: italic; +} + +/* C++ specific styling */ + +.sig-inline.c-texpr, +.sig-inline.cpp-texpr { + font-family: unset; +} + +.sig.c .k, .sig.c .kt, +.sig.cpp .k, .sig.cpp .kt { + color: #0033B3; +} + +.sig.c .m, +.sig.cpp .m { + color: #1750EB; +} + +.sig.c .s, .sig.c .sc, +.sig.cpp .s, .sig.cpp .sc { + color: #067D17; +} + + +/* -- other body styles ----------------------------------------------------- */ + +ol.arabic { + list-style: decimal; +} + +ol.loweralpha { + list-style: lower-alpha; +} + +ol.upperalpha { + list-style: upper-alpha; +} + +ol.lowerroman { + list-style: lower-roman; +} + +ol.upperroman { + list-style: upper-roman; +} + +:not(li) > ol > li:first-child > :first-child, +:not(li) > ul > li:first-child > :first-child { + margin-top: 0px; +} + +:not(li) > ol > li:last-child > :last-child, +:not(li) > ul > li:last-child > :last-child { + margin-bottom: 0px; +} + +ol.simple ol p, +ol.simple ul p, +ul.simple ol p, +ul.simple ul p { + margin-top: 0; +} + +ol.simple > li:not(:first-child) > p, +ul.simple > li:not(:first-child) > p { + margin-top: 0; +} + +ol.simple p, +ul.simple p { + margin-bottom: 0; +} + +/* Docutils 0.17 and older (footnotes & citations) */ +dl.footnote > dt, +dl.citation > dt { + float: left; + margin-right: 0.5em; +} + +dl.footnote > dd, +dl.citation > dd { + margin-bottom: 0em; +} + +dl.footnote > dd:after, +dl.citation > dd:after { + content: ""; + clear: both; +} + +/* Docutils 0.18+ (footnotes & citations) */ +aside.footnote > span, +div.citation > span { + float: left; +} +aside.footnote > span:last-of-type, +div.citation > span:last-of-type { + padding-right: 0.5em; +} +aside.footnote > p { + margin-left: 2em; +} +div.citation > p { + margin-left: 4em; +} +aside.footnote > p:last-of-type, +div.citation > p:last-of-type { + margin-bottom: 0em; +} +aside.footnote > p:last-of-type:after, +div.citation > p:last-of-type:after { + content: ""; + clear: both; +} + +/* Footnotes & citations ends */ + +dl.field-list { + display: grid; + grid-template-columns: fit-content(30%) auto; +} + +dl.field-list > dt { + font-weight: bold; + word-break: break-word; + padding-left: 0.5em; + padding-right: 5px; +} + +dl.field-list > dt:after { + content: ":"; +} + +dl.field-list > dd { + padding-left: 0.5em; + margin-top: 0em; + margin-left: 0em; + margin-bottom: 0em; +} + +dl { + margin-bottom: 15px; +} + +dd > :first-child { + margin-top: 0px; +} + +dd ul, dd table { + margin-bottom: 10px; +} + +dd { + margin-top: 3px; + margin-bottom: 10px; + margin-left: 30px; +} + +dl > dd:last-child, +dl > dd:last-child > :last-child { + margin-bottom: 0; +} + +dt:target, span.highlighted { + background-color: #fbe54e; +} + +rect.highlighted { + fill: #fbe54e; +} + +dl.glossary dt { + font-weight: bold; + font-size: 1.1em; +} + +.versionmodified { + font-style: italic; +} + +.system-message { + background-color: #fda; + padding: 5px; + border: 3px solid red; +} + +.footnote:target { + background-color: #ffa; +} + +.line-block { + display: block; + margin-top: 1em; + margin-bottom: 1em; +} + +.line-block .line-block { + margin-top: 0; + margin-bottom: 0; + margin-left: 1.5em; +} + +.guilabel, .menuselection { + font-family: sans-serif; +} + +.accelerator { + text-decoration: underline; +} + +.classifier { + font-style: oblique; +} + +.classifier:before { + font-style: normal; + margin: 0 0.5em; + content: ":"; + display: inline-block; +} + +abbr, acronym { + border-bottom: dotted 1px; + cursor: help; +} + +/* -- code displays --------------------------------------------------------- */ + +pre { + overflow: auto; + overflow-y: hidden; /* fixes display issues on Chrome browsers */ +} + +pre, div[class*="highlight-"] { + clear: both; +} + +span.pre { + -moz-hyphens: none; + -ms-hyphens: none; + -webkit-hyphens: none; + hyphens: none; + white-space: nowrap; +} + +div[class*="highlight-"] { + margin: 1em 0; +} + +td.linenos pre { + border: 0; + background-color: transparent; + color: #aaa; +} + +table.highlighttable { + display: block; +} + +table.highlighttable tbody { + display: block; +} + +table.highlighttable tr { + display: flex; +} + +table.highlighttable td { + margin: 0; + padding: 0; +} + +table.highlighttable td.linenos { + padding-right: 0.5em; +} + +table.highlighttable td.code { + flex: 1; + overflow: hidden; +} + +.highlight .hll { + display: block; +} + +div.highlight pre, +table.highlighttable pre { + margin: 0; +} + +div.code-block-caption + div { + margin-top: 0; +} + +div.code-block-caption { + margin-top: 1em; + padding: 2px 5px; + font-size: small; +} + +div.code-block-caption code { + background-color: transparent; +} + +table.highlighttable td.linenos, +span.linenos, +div.highlight span.gp { /* gp: Generic.Prompt */ + user-select: none; + -webkit-user-select: text; /* Safari fallback only */ + -webkit-user-select: none; /* Chrome/Safari */ + -moz-user-select: none; /* Firefox */ + -ms-user-select: none; /* IE10+ */ +} + +div.code-block-caption span.caption-number { + padding: 0.1em 0.3em; + font-style: italic; +} + +div.code-block-caption span.caption-text { +} + +div.literal-block-wrapper { + margin: 1em 0; +} + +code.xref, a code { + background-color: transparent; + font-weight: bold; +} + +h1 code, h2 code, h3 code, h4 code, h5 code, h6 code { + background-color: transparent; +} + +.viewcode-link { + float: right; +} + +.viewcode-back { + float: right; + font-family: sans-serif; +} + +div.viewcode-block:target { + margin: -1px -10px; + padding: 0 10px; +} + +/* -- math display ---------------------------------------------------------- */ + +img.math { + vertical-align: middle; +} + +div.body div.math p { + text-align: center; +} + +span.eqno { + float: right; +} + +span.eqno a.headerlink { + position: absolute; + z-index: 1; +} + +div.math:hover a.headerlink { + visibility: visible; +} + +/* -- printout stylesheet --------------------------------------------------- */ + +@media print { + div.document, + div.documentwrapper, + div.bodywrapper { + margin: 0 !important; + width: 100%; + } + + div.sphinxsidebar, + div.related, + div.footer, + #top-link { + display: none; + } +} \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/_static/custom.css b/ansible_collections/containers/podman/docs/_static/custom.css new file mode 100644 index 000000000..2a924f1d6 --- /dev/null +++ b/ansible_collections/containers/podman/docs/_static/custom.css @@ -0,0 +1 @@ +/* This file intentionally left blank. */ diff --git a/ansible_collections/containers/podman/docs/_static/doctools.js b/ansible_collections/containers/podman/docs/_static/doctools.js new file mode 100644 index 000000000..c3db08d1c --- /dev/null +++ b/ansible_collections/containers/podman/docs/_static/doctools.js @@ -0,0 +1,264 @@ +/* + * doctools.js + * ~~~~~~~~~~~ + * + * Base JavaScript utilities for all Sphinx HTML documentation. + * + * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ +"use strict"; + +const _ready = (callback) => { + if (document.readyState !== "loading") { + callback(); + } else { + document.addEventListener("DOMContentLoaded", callback); + } +}; + +/** + * highlight a given string on a node by wrapping it in + * span elements with the given class name. + */ +const _highlight = (node, addItems, text, className) => { + if (node.nodeType === Node.TEXT_NODE) { + const val = node.nodeValue; + const parent = node.parentNode; + const pos = val.toLowerCase().indexOf(text); + if ( + pos >= 0 && + !parent.classList.contains(className) && + !parent.classList.contains("nohighlight") + ) { + let span; + + const closestNode = parent.closest("body, svg, foreignObject"); + const isInSVG = closestNode && closestNode.matches("svg"); + if (isInSVG) { + span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); + } else { + span = document.createElement("span"); + span.classList.add(className); + } + + span.appendChild(document.createTextNode(val.substr(pos, text.length))); + parent.insertBefore( + span, + parent.insertBefore( + document.createTextNode(val.substr(pos + text.length)), + node.nextSibling + ) + ); + node.nodeValue = val.substr(0, pos); + + if (isInSVG) { + const rect = document.createElementNS( + "http://www.w3.org/2000/svg", + "rect" + ); + const bbox = parent.getBBox(); + rect.x.baseVal.value = bbox.x; + rect.y.baseVal.value = bbox.y; + rect.width.baseVal.value = bbox.width; + rect.height.baseVal.value = bbox.height; + rect.setAttribute("class", className); + addItems.push({ parent: parent, target: rect }); + } + } + } else if (node.matches && !node.matches("button, select, textarea")) { + node.childNodes.forEach((el) => _highlight(el, addItems, text, className)); + } +}; +const _highlightText = (thisNode, text, className) => { + let addItems = []; + _highlight(thisNode, addItems, text, className); + addItems.forEach((obj) => + obj.parent.insertAdjacentElement("beforebegin", obj.target) + ); +}; + +/** + * Small JavaScript module for the documentation. + */ +const Documentation = { + init: () => { + Documentation.highlightSearchWords(); + Documentation.initDomainIndexTable(); + Documentation.initOnKeyListeners(); + }, + + /** + * i18n support + */ + TRANSLATIONS: {}, + PLURAL_EXPR: (n) => (n === 1 ? 0 : 1), + LOCALE: "unknown", + + // gettext and ngettext don't access this so that the functions + // can safely bound to a different name (_ = Documentation.gettext) + gettext: (string) => { + const translated = Documentation.TRANSLATIONS[string]; + switch (typeof translated) { + case "undefined": + return string; // no translation + case "string": + return translated; // translation exists + default: + return translated[0]; // (singular, plural) translation tuple exists + } + }, + + ngettext: (singular, plural, n) => { + const translated = Documentation.TRANSLATIONS[singular]; + if (typeof translated !== "undefined") + return translated[Documentation.PLURAL_EXPR(n)]; + return n === 1 ? singular : plural; + }, + + addTranslations: (catalog) => { + Object.assign(Documentation.TRANSLATIONS, catalog.messages); + Documentation.PLURAL_EXPR = new Function( + "n", + `return (${catalog.plural_expr})` + ); + Documentation.LOCALE = catalog.locale; + }, + + /** + * highlight the search words provided in the url in the text + */ + highlightSearchWords: () => { + const highlight = + new URLSearchParams(window.location.search).get("highlight") || ""; + const terms = highlight.toLowerCase().split(/\s+/).filter(x => x); + if (terms.length === 0) return; // nothing to do + + // There should never be more than one element matching "div.body" + const divBody = document.querySelectorAll("div.body"); + const body = divBody.length ? divBody[0] : document.querySelector("body"); + window.setTimeout(() => { + terms.forEach((term) => _highlightText(body, term, "highlighted")); + }, 10); + + const searchBox = document.getElementById("searchbox"); + if (searchBox === null) return; + searchBox.appendChild( + document + .createRange() + .createContextualFragment( + '" + ) + ); + }, + + /** + * helper function to hide the search marks again + */ + hideSearchWords: () => { + document + .querySelectorAll("#searchbox .highlight-link") + .forEach((el) => el.remove()); + document + .querySelectorAll("span.highlighted") + .forEach((el) => el.classList.remove("highlighted")); + const url = new URL(window.location); + url.searchParams.delete("highlight"); + window.history.replaceState({}, "", url); + }, + + /** + * helper function to focus on search bar + */ + focusSearchBar: () => { + document.querySelectorAll("input[name=q]")[0]?.focus(); + }, + + /** + * Initialise the domain index toggle buttons + */ + initDomainIndexTable: () => { + const toggler = (el) => { + const idNumber = el.id.substr(7); + const toggledRows = document.querySelectorAll(`tr.cg-${idNumber}`); + if (el.src.substr(-9) === "minus.png") { + el.src = `${el.src.substr(0, el.src.length - 9)}plus.png`; + toggledRows.forEach((el) => (el.style.display = "none")); + } else { + el.src = `${el.src.substr(0, el.src.length - 8)}minus.png`; + toggledRows.forEach((el) => (el.style.display = "")); + } + }; + + const togglerElements = document.querySelectorAll("img.toggler"); + togglerElements.forEach((el) => + el.addEventListener("click", (event) => toggler(event.currentTarget)) + ); + togglerElements.forEach((el) => (el.style.display = "")); + if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) togglerElements.forEach(toggler); + }, + + initOnKeyListeners: () => { + // only install a listener if it is really needed + if ( + !DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS && + !DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS + ) + return; + + const blacklistedElements = new Set([ + "TEXTAREA", + "INPUT", + "SELECT", + "BUTTON", + ]); + document.addEventListener("keydown", (event) => { + if (blacklistedElements.has(document.activeElement.tagName)) return; // bail for input elements + if (event.altKey || event.ctrlKey || event.metaKey) return; // bail with special keys + + if (!event.shiftKey) { + switch (event.key) { + case "ArrowLeft": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const prevLink = document.querySelector('link[rel="prev"]'); + if (prevLink && prevLink.href) { + window.location.href = prevLink.href; + event.preventDefault(); + } + break; + case "ArrowRight": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const nextLink = document.querySelector('link[rel="next"]'); + if (nextLink && nextLink.href) { + window.location.href = nextLink.href; + event.preventDefault(); + } + break; + case "Escape": + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break; + Documentation.hideSearchWords(); + event.preventDefault(); + } + } + + // some keyboard layouts may need Shift to get / + switch (event.key) { + case "/": + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break; + Documentation.focusSearchBar(); + event.preventDefault(); + } + }); + }, +}; + +// quick alias for translations +const _ = Documentation.gettext; + +_ready(Documentation.init); diff --git a/ansible_collections/containers/podman/docs/_static/documentation_options.js b/ansible_collections/containers/podman/docs/_static/documentation_options.js new file mode 100644 index 000000000..a750e4d5e --- /dev/null +++ b/ansible_collections/containers/podman/docs/_static/documentation_options.js @@ -0,0 +1,14 @@ +var DOCUMENTATION_OPTIONS = { + URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'), + VERSION: '', + LANGUAGE: 'en', + COLLAPSE_INDEX: false, + BUILDER: 'html', + FILE_SUFFIX: '.html', + LINK_SUFFIX: '.html', + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt', + NAVIGATION_WITH_KEYS: false, + SHOW_SEARCH_SUMMARY: true, + ENABLE_SEARCH_SHORTCUTS: false, +}; \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/_static/file.png b/ansible_collections/containers/podman/docs/_static/file.png new file mode 100644 index 000000000..a858a410e Binary files /dev/null and b/ansible_collections/containers/podman/docs/_static/file.png differ diff --git a/ansible_collections/containers/podman/docs/_static/jquery-3.5.1.js b/ansible_collections/containers/podman/docs/_static/jquery-3.5.1.js new file mode 100644 index 000000000..50937333b --- /dev/null +++ b/ansible_collections/containers/podman/docs/_static/jquery-3.5.1.js @@ -0,0 +1,10872 @@ +/*! + * jQuery JavaScript Library v3.5.1 + * https://jquery.com/ + * + * Includes Sizzle.js + * https://sizzlejs.com/ + * + * Copyright JS Foundation and other contributors + * Released under the MIT license + * https://jquery.org/license + * + * Date: 2020-05-04T22:49Z + */ +( function( global, factory ) { + + "use strict"; + + if ( typeof module === "object" && typeof module.exports === "object" ) { + + // For CommonJS and CommonJS-like environments where a proper `window` + // is present, execute the factory and get jQuery. + // For environments that do not have a `window` with a `document` + // (such as Node.js), expose a factory as module.exports. + // This accentuates the need for the creation of a real `window`. + // e.g. var jQuery = require("jquery")(window); + // See ticket #14549 for more info. + module.exports = global.document ? + factory( global, true ) : + function( w ) { + if ( !w.document ) { + throw new Error( "jQuery requires a window with a document" ); + } + return factory( w ); + }; + } else { + factory( global ); + } + +// Pass this if window is not defined yet +} )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) { + +// Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1 +// throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode +// arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common +// enough that all such attempts are guarded in a try block. +"use strict"; + +var arr = []; + +var getProto = Object.getPrototypeOf; + +var slice = arr.slice; + +var flat = arr.flat ? function( array ) { + return arr.flat.call( array ); +} : function( array ) { + return arr.concat.apply( [], array ); +}; + + +var push = arr.push; + +var indexOf = arr.indexOf; + +var class2type = {}; + +var toString = class2type.toString; + +var hasOwn = class2type.hasOwnProperty; + +var fnToString = hasOwn.toString; + +var ObjectFunctionString = fnToString.call( Object ); + +var support = {}; + +var isFunction = function isFunction( obj ) { + + // Support: Chrome <=57, Firefox <=52 + // In some browsers, typeof returns "function" for HTML elements + // (i.e., `typeof document.createElement( "object" ) === "function"`). + // We don't want to classify *any* DOM node as a function. + return typeof obj === "function" && typeof obj.nodeType !== "number"; + }; + + +var isWindow = function isWindow( obj ) { + return obj != null && obj === obj.window; + }; + + +var document = window.document; + + + + var preservedScriptAttributes = { + type: true, + src: true, + nonce: true, + noModule: true + }; + + function DOMEval( code, node, doc ) { + doc = doc || document; + + var i, val, + script = doc.createElement( "script" ); + + script.text = code; + if ( node ) { + for ( i in preservedScriptAttributes ) { + + // Support: Firefox 64+, Edge 18+ + // Some browsers don't support the "nonce" property on scripts. + // On the other hand, just using `getAttribute` is not enough as + // the `nonce` attribute is reset to an empty string whenever it + // becomes browsing-context connected. + // See https://github.com/whatwg/html/issues/2369 + // See https://html.spec.whatwg.org/#nonce-attributes + // The `node.getAttribute` check was added for the sake of + // `jQuery.globalEval` so that it can fake a nonce-containing node + // via an object. + val = node[ i ] || node.getAttribute && node.getAttribute( i ); + if ( val ) { + script.setAttribute( i, val ); + } + } + } + doc.head.appendChild( script ).parentNode.removeChild( script ); + } + + +function toType( obj ) { + if ( obj == null ) { + return obj + ""; + } + + // Support: Android <=2.3 only (functionish RegExp) + return typeof obj === "object" || typeof obj === "function" ? + class2type[ toString.call( obj ) ] || "object" : + typeof obj; +} +/* global Symbol */ +// Defining this global in .eslintrc.json would create a danger of using the global +// unguarded in another place, it seems safer to define global only for this module + + + +var + version = "3.5.1", + + // Define a local copy of jQuery + jQuery = function( selector, context ) { + + // The jQuery object is actually just the init constructor 'enhanced' + // Need init if jQuery is called (just allow error to be thrown if not included) + return new jQuery.fn.init( selector, context ); + }; + +jQuery.fn = jQuery.prototype = { + + // The current version of jQuery being used + jquery: version, + + constructor: jQuery, + + // The default length of a jQuery object is 0 + length: 0, + + toArray: function() { + return slice.call( this ); + }, + + // Get the Nth element in the matched element set OR + // Get the whole matched element set as a clean array + get: function( num ) { + + // Return all the elements in a clean array + if ( num == null ) { + return slice.call( this ); + } + + // Return just the one element from the set + return num < 0 ? this[ num + this.length ] : this[ num ]; + }, + + // Take an array of elements and push it onto the stack + // (returning the new matched element set) + pushStack: function( elems ) { + + // Build a new jQuery matched element set + var ret = jQuery.merge( this.constructor(), elems ); + + // Add the old object onto the stack (as a reference) + ret.prevObject = this; + + // Return the newly-formed element set + return ret; + }, + + // Execute a callback for every element in the matched set. + each: function( callback ) { + return jQuery.each( this, callback ); + }, + + map: function( callback ) { + return this.pushStack( jQuery.map( this, function( elem, i ) { + return callback.call( elem, i, elem ); + } ) ); + }, + + slice: function() { + return this.pushStack( slice.apply( this, arguments ) ); + }, + + first: function() { + return this.eq( 0 ); + }, + + last: function() { + return this.eq( -1 ); + }, + + even: function() { + return this.pushStack( jQuery.grep( this, function( _elem, i ) { + return ( i + 1 ) % 2; + } ) ); + }, + + odd: function() { + return this.pushStack( jQuery.grep( this, function( _elem, i ) { + return i % 2; + } ) ); + }, + + eq: function( i ) { + var len = this.length, + j = +i + ( i < 0 ? len : 0 ); + return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] ); + }, + + end: function() { + return this.prevObject || this.constructor(); + }, + + // For internal use only. + // Behaves like an Array's method, not like a jQuery method. + push: push, + sort: arr.sort, + splice: arr.splice +}; + +jQuery.extend = jQuery.fn.extend = function() { + var options, name, src, copy, copyIsArray, clone, + target = arguments[ 0 ] || {}, + i = 1, + length = arguments.length, + deep = false; + + // Handle a deep copy situation + if ( typeof target === "boolean" ) { + deep = target; + + // Skip the boolean and the target + target = arguments[ i ] || {}; + i++; + } + + // Handle case when target is a string or something (possible in deep copy) + if ( typeof target !== "object" && !isFunction( target ) ) { + target = {}; + } + + // Extend jQuery itself if only one argument is passed + if ( i === length ) { + target = this; + i--; + } + + for ( ; i < length; i++ ) { + + // Only deal with non-null/undefined values + if ( ( options = arguments[ i ] ) != null ) { + + // Extend the base object + for ( name in options ) { + copy = options[ name ]; + + // Prevent Object.prototype pollution + // Prevent never-ending loop + if ( name === "__proto__" || target === copy ) { + continue; + } + + // Recurse if we're merging plain objects or arrays + if ( deep && copy && ( jQuery.isPlainObject( copy ) || + ( copyIsArray = Array.isArray( copy ) ) ) ) { + src = target[ name ]; + + // Ensure proper type for the source value + if ( copyIsArray && !Array.isArray( src ) ) { + clone = []; + } else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) { + clone = {}; + } else { + clone = src; + } + copyIsArray = false; + + // Never move original objects, clone them + target[ name ] = jQuery.extend( deep, clone, copy ); + + // Don't bring in undefined values + } else if ( copy !== undefined ) { + target[ name ] = copy; + } + } + } + } + + // Return the modified object + return target; +}; + +jQuery.extend( { + + // Unique for each copy of jQuery on the page + expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ), + + // Assume jQuery is ready without the ready module + isReady: true, + + error: function( msg ) { + throw new Error( msg ); + }, + + noop: function() {}, + + isPlainObject: function( obj ) { + var proto, Ctor; + + // Detect obvious negatives + // Use toString instead of jQuery.type to catch host objects + if ( !obj || toString.call( obj ) !== "[object Object]" ) { + return false; + } + + proto = getProto( obj ); + + // Objects with no prototype (e.g., `Object.create( null )`) are plain + if ( !proto ) { + return true; + } + + // Objects with prototype are plain iff they were constructed by a global Object function + Ctor = hasOwn.call( proto, "constructor" ) && proto.constructor; + return typeof Ctor === "function" && fnToString.call( Ctor ) === ObjectFunctionString; + }, + + isEmptyObject: function( obj ) { + var name; + + for ( name in obj ) { + return false; + } + return true; + }, + + // Evaluates a script in a provided context; falls back to the global one + // if not specified. + globalEval: function( code, options, doc ) { + DOMEval( code, { nonce: options && options.nonce }, doc ); + }, + + each: function( obj, callback ) { + var length, i = 0; + + if ( isArrayLike( obj ) ) { + length = obj.length; + for ( ; i < length; i++ ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } else { + for ( i in obj ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } + + return obj; + }, + + // results is for internal usage only + makeArray: function( arr, results ) { + var ret = results || []; + + if ( arr != null ) { + if ( isArrayLike( Object( arr ) ) ) { + jQuery.merge( ret, + typeof arr === "string" ? + [ arr ] : arr + ); + } else { + push.call( ret, arr ); + } + } + + return ret; + }, + + inArray: function( elem, arr, i ) { + return arr == null ? -1 : indexOf.call( arr, elem, i ); + }, + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + merge: function( first, second ) { + var len = +second.length, + j = 0, + i = first.length; + + for ( ; j < len; j++ ) { + first[ i++ ] = second[ j ]; + } + + first.length = i; + + return first; + }, + + grep: function( elems, callback, invert ) { + var callbackInverse, + matches = [], + i = 0, + length = elems.length, + callbackExpect = !invert; + + // Go through the array, only saving the items + // that pass the validator function + for ( ; i < length; i++ ) { + callbackInverse = !callback( elems[ i ], i ); + if ( callbackInverse !== callbackExpect ) { + matches.push( elems[ i ] ); + } + } + + return matches; + }, + + // arg is for internal usage only + map: function( elems, callback, arg ) { + var length, value, + i = 0, + ret = []; + + // Go through the array, translating each of the items to their new values + if ( isArrayLike( elems ) ) { + length = elems.length; + for ( ; i < length; i++ ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + + // Go through every key on the object, + } else { + for ( i in elems ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + } + + // Flatten any nested arrays + return flat( ret ); + }, + + // A global GUID counter for objects + guid: 1, + + // jQuery.support is not used in Core but other projects attach their + // properties to it so it needs to exist. + support: support +} ); + +if ( typeof Symbol === "function" ) { + jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ]; +} + +// Populate the class2type map +jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ), +function( _i, name ) { + class2type[ "[object " + name + "]" ] = name.toLowerCase(); +} ); + +function isArrayLike( obj ) { + + // Support: real iOS 8.2 only (not reproducible in simulator) + // `in` check used to prevent JIT error (gh-2145) + // hasOwn isn't used here due to false negatives + // regarding Nodelist length in IE + var length = !!obj && "length" in obj && obj.length, + type = toType( obj ); + + if ( isFunction( obj ) || isWindow( obj ) ) { + return false; + } + + return type === "array" || length === 0 || + typeof length === "number" && length > 0 && ( length - 1 ) in obj; +} +var Sizzle = +/*! + * Sizzle CSS Selector Engine v2.3.5 + * https://sizzlejs.com/ + * + * Copyright JS Foundation and other contributors + * Released under the MIT license + * https://js.foundation/ + * + * Date: 2020-03-14 + */ +( function( window ) { +var i, + support, + Expr, + getText, + isXML, + tokenize, + compile, + select, + outermostContext, + sortInput, + hasDuplicate, + + // Local document vars + setDocument, + document, + docElem, + documentIsHTML, + rbuggyQSA, + rbuggyMatches, + matches, + contains, + + // Instance-specific data + expando = "sizzle" + 1 * new Date(), + preferredDoc = window.document, + dirruns = 0, + done = 0, + classCache = createCache(), + tokenCache = createCache(), + compilerCache = createCache(), + nonnativeSelectorCache = createCache(), + sortOrder = function( a, b ) { + if ( a === b ) { + hasDuplicate = true; + } + return 0; + }, + + // Instance methods + hasOwn = ( {} ).hasOwnProperty, + arr = [], + pop = arr.pop, + pushNative = arr.push, + push = arr.push, + slice = arr.slice, + + // Use a stripped-down indexOf as it's faster than native + // https://jsperf.com/thor-indexof-vs-for/5 + indexOf = function( list, elem ) { + var i = 0, + len = list.length; + for ( ; i < len; i++ ) { + if ( list[ i ] === elem ) { + return i; + } + } + return -1; + }, + + booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|" + + "ismap|loop|multiple|open|readonly|required|scoped", + + // Regular expressions + + // http://www.w3.org/TR/css3-selectors/#whitespace + whitespace = "[\\x20\\t\\r\\n\\f]", + + // https://www.w3.org/TR/css-syntax-3/#ident-token-diagram + identifier = "(?:\\\\[\\da-fA-F]{1,6}" + whitespace + + "?|\\\\[^\\r\\n\\f]|[\\w-]|[^\0-\\x7f])+", + + // Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors + attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace + + + // Operator (capture 2) + "*([*^$|!~]?=)" + whitespace + + + // "Attribute values must be CSS identifiers [capture 5] + // or strings [capture 3 or capture 4]" + "*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + + whitespace + "*\\]", + + pseudos = ":(" + identifier + ")(?:\\((" + + + // To reduce the number of selectors needing tokenize in the preFilter, prefer arguments: + // 1. quoted (capture 3; capture 4 or capture 5) + "('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" + + + // 2. simple (capture 6) + "((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" + + + // 3. anything else (capture 2) + ".*" + + ")\\)|)", + + // Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter + rwhitespace = new RegExp( whitespace + "+", "g" ), + rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + + whitespace + "+$", "g" ), + + rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ), + rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + + "*" ), + rdescend = new RegExp( whitespace + "|>" ), + + rpseudo = new RegExp( pseudos ), + ridentifier = new RegExp( "^" + identifier + "$" ), + + matchExpr = { + "ID": new RegExp( "^#(" + identifier + ")" ), + "CLASS": new RegExp( "^\\.(" + identifier + ")" ), + "TAG": new RegExp( "^(" + identifier + "|[*])" ), + "ATTR": new RegExp( "^" + attributes ), + "PSEUDO": new RegExp( "^" + pseudos ), + "CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + + whitespace + "*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + + whitespace + "*(\\d+)|))" + whitespace + "*\\)|)", "i" ), + "bool": new RegExp( "^(?:" + booleans + ")$", "i" ), + + // For use in libraries implementing .is() + // We use this for POS matching in `select` + "needsContext": new RegExp( "^" + whitespace + + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" + whitespace + + "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" ) + }, + + rhtml = /HTML$/i, + rinputs = /^(?:input|select|textarea|button)$/i, + rheader = /^h\d$/i, + + rnative = /^[^{]+\{\s*\[native \w/, + + // Easily-parseable/retrievable ID or TAG or CLASS selectors + rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/, + + rsibling = /[+~]/, + + // CSS escapes + // http://www.w3.org/TR/CSS21/syndata.html#escaped-characters + runescape = new RegExp( "\\\\[\\da-fA-F]{1,6}" + whitespace + "?|\\\\([^\\r\\n\\f])", "g" ), + funescape = function( escape, nonHex ) { + var high = "0x" + escape.slice( 1 ) - 0x10000; + + return nonHex ? + + // Strip the backslash prefix from a non-hex escape sequence + nonHex : + + // Replace a hexadecimal escape sequence with the encoded Unicode code point + // Support: IE <=11+ + // For values outside the Basic Multilingual Plane (BMP), manually construct a + // surrogate pair + high < 0 ? + String.fromCharCode( high + 0x10000 ) : + String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 ); + }, + + // CSS string/identifier serialization + // https://drafts.csswg.org/cssom/#common-serializing-idioms + rcssescape = /([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g, + fcssescape = function( ch, asCodePoint ) { + if ( asCodePoint ) { + + // U+0000 NULL becomes U+FFFD REPLACEMENT CHARACTER + if ( ch === "\0" ) { + return "\uFFFD"; + } + + // Control characters and (dependent upon position) numbers get escaped as code points + return ch.slice( 0, -1 ) + "\\" + + ch.charCodeAt( ch.length - 1 ).toString( 16 ) + " "; + } + + // Other potentially-special ASCII characters get backslash-escaped + return "\\" + ch; + }, + + // Used for iframes + // See setDocument() + // Removing the function wrapper causes a "Permission Denied" + // error in IE + unloadHandler = function() { + setDocument(); + }, + + inDisabledFieldset = addCombinator( + function( elem ) { + return elem.disabled === true && elem.nodeName.toLowerCase() === "fieldset"; + }, + { dir: "parentNode", next: "legend" } + ); + +// Optimize for push.apply( _, NodeList ) +try { + push.apply( + ( arr = slice.call( preferredDoc.childNodes ) ), + preferredDoc.childNodes + ); + + // Support: Android<4.0 + // Detect silently failing push.apply + // eslint-disable-next-line no-unused-expressions + arr[ preferredDoc.childNodes.length ].nodeType; +} catch ( e ) { + push = { apply: arr.length ? + + // Leverage slice if possible + function( target, els ) { + pushNative.apply( target, slice.call( els ) ); + } : + + // Support: IE<9 + // Otherwise append directly + function( target, els ) { + var j = target.length, + i = 0; + + // Can't trust NodeList.length + while ( ( target[ j++ ] = els[ i++ ] ) ) {} + target.length = j - 1; + } + }; +} + +function Sizzle( selector, context, results, seed ) { + var m, i, elem, nid, match, groups, newSelector, + newContext = context && context.ownerDocument, + + // nodeType defaults to 9, since context defaults to document + nodeType = context ? context.nodeType : 9; + + results = results || []; + + // Return early from calls with invalid selector or context + if ( typeof selector !== "string" || !selector || + nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) { + + return results; + } + + // Try to shortcut find operations (as opposed to filters) in HTML documents + if ( !seed ) { + setDocument( context ); + context = context || document; + + if ( documentIsHTML ) { + + // If the selector is sufficiently simple, try using a "get*By*" DOM method + // (excepting DocumentFragment context, where the methods don't exist) + if ( nodeType !== 11 && ( match = rquickExpr.exec( selector ) ) ) { + + // ID selector + if ( ( m = match[ 1 ] ) ) { + + // Document context + if ( nodeType === 9 ) { + if ( ( elem = context.getElementById( m ) ) ) { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( elem.id === m ) { + results.push( elem ); + return results; + } + } else { + return results; + } + + // Element context + } else { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( newContext && ( elem = newContext.getElementById( m ) ) && + contains( context, elem ) && + elem.id === m ) { + + results.push( elem ); + return results; + } + } + + // Type selector + } else if ( match[ 2 ] ) { + push.apply( results, context.getElementsByTagName( selector ) ); + return results; + + // Class selector + } else if ( ( m = match[ 3 ] ) && support.getElementsByClassName && + context.getElementsByClassName ) { + + push.apply( results, context.getElementsByClassName( m ) ); + return results; + } + } + + // Take advantage of querySelectorAll + if ( support.qsa && + !nonnativeSelectorCache[ selector + " " ] && + ( !rbuggyQSA || !rbuggyQSA.test( selector ) ) && + + // Support: IE 8 only + // Exclude object elements + ( nodeType !== 1 || context.nodeName.toLowerCase() !== "object" ) ) { + + newSelector = selector; + newContext = context; + + // qSA considers elements outside a scoping root when evaluating child or + // descendant combinators, which is not what we want. + // In such cases, we work around the behavior by prefixing every selector in the + // list with an ID selector referencing the scope context. + // The technique has to be used as well when a leading combinator is used + // as such selectors are not recognized by querySelectorAll. + // Thanks to Andrew Dupont for this technique. + if ( nodeType === 1 && + ( rdescend.test( selector ) || rcombinators.test( selector ) ) ) { + + // Expand context for sibling selectors + newContext = rsibling.test( selector ) && testContext( context.parentNode ) || + context; + + // We can use :scope instead of the ID hack if the browser + // supports it & if we're not changing the context. + if ( newContext !== context || !support.scope ) { + + // Capture the context ID, setting it first if necessary + if ( ( nid = context.getAttribute( "id" ) ) ) { + nid = nid.replace( rcssescape, fcssescape ); + } else { + context.setAttribute( "id", ( nid = expando ) ); + } + } + + // Prefix every selector in the list + groups = tokenize( selector ); + i = groups.length; + while ( i-- ) { + groups[ i ] = ( nid ? "#" + nid : ":scope" ) + " " + + toSelector( groups[ i ] ); + } + newSelector = groups.join( "," ); + } + + try { + push.apply( results, + newContext.querySelectorAll( newSelector ) + ); + return results; + } catch ( qsaError ) { + nonnativeSelectorCache( selector, true ); + } finally { + if ( nid === expando ) { + context.removeAttribute( "id" ); + } + } + } + } + } + + // All others + return select( selector.replace( rtrim, "$1" ), context, results, seed ); +} + +/** + * Create key-value caches of limited size + * @returns {function(string, object)} Returns the Object data after storing it on itself with + * property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength) + * deleting the oldest entry + */ +function createCache() { + var keys = []; + + function cache( key, value ) { + + // Use (key + " ") to avoid collision with native prototype properties (see Issue #157) + if ( keys.push( key + " " ) > Expr.cacheLength ) { + + // Only keep the most recent entries + delete cache[ keys.shift() ]; + } + return ( cache[ key + " " ] = value ); + } + return cache; +} + +/** + * Mark a function for special use by Sizzle + * @param {Function} fn The function to mark + */ +function markFunction( fn ) { + fn[ expando ] = true; + return fn; +} + +/** + * Support testing using an element + * @param {Function} fn Passed the created element and returns a boolean result + */ +function assert( fn ) { + var el = document.createElement( "fieldset" ); + + try { + return !!fn( el ); + } catch ( e ) { + return false; + } finally { + + // Remove from its parent by default + if ( el.parentNode ) { + el.parentNode.removeChild( el ); + } + + // release memory in IE + el = null; + } +} + +/** + * Adds the same handler for all of the specified attrs + * @param {String} attrs Pipe-separated list of attributes + * @param {Function} handler The method that will be applied + */ +function addHandle( attrs, handler ) { + var arr = attrs.split( "|" ), + i = arr.length; + + while ( i-- ) { + Expr.attrHandle[ arr[ i ] ] = handler; + } +} + +/** + * Checks document order of two siblings + * @param {Element} a + * @param {Element} b + * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b + */ +function siblingCheck( a, b ) { + var cur = b && a, + diff = cur && a.nodeType === 1 && b.nodeType === 1 && + a.sourceIndex - b.sourceIndex; + + // Use IE sourceIndex if available on both nodes + if ( diff ) { + return diff; + } + + // Check if b follows a + if ( cur ) { + while ( ( cur = cur.nextSibling ) ) { + if ( cur === b ) { + return -1; + } + } + } + + return a ? 1 : -1; +} + +/** + * Returns a function to use in pseudos for input types + * @param {String} type + */ +function createInputPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for buttons + * @param {String} type + */ +function createButtonPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return ( name === "input" || name === "button" ) && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for :enabled/:disabled + * @param {Boolean} disabled true for :disabled; false for :enabled + */ +function createDisabledPseudo( disabled ) { + + // Known :disabled false positives: fieldset[disabled] > legend:nth-of-type(n+2) :can-disable + return function( elem ) { + + // Only certain elements can match :enabled or :disabled + // https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled + // https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled + if ( "form" in elem ) { + + // Check for inherited disabledness on relevant non-disabled elements: + // * listed form-associated elements in a disabled fieldset + // https://html.spec.whatwg.org/multipage/forms.html#category-listed + // https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled + // * option elements in a disabled optgroup + // https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled + // All such elements have a "form" property. + if ( elem.parentNode && elem.disabled === false ) { + + // Option elements defer to a parent optgroup if present + if ( "label" in elem ) { + if ( "label" in elem.parentNode ) { + return elem.parentNode.disabled === disabled; + } else { + return elem.disabled === disabled; + } + } + + // Support: IE 6 - 11 + // Use the isDisabled shortcut property to check for disabled fieldset ancestors + return elem.isDisabled === disabled || + + // Where there is no isDisabled, check manually + /* jshint -W018 */ + elem.isDisabled !== !disabled && + inDisabledFieldset( elem ) === disabled; + } + + return elem.disabled === disabled; + + // Try to winnow out elements that can't be disabled before trusting the disabled property. + // Some victims get caught in our net (label, legend, menu, track), but it shouldn't + // even exist on them, let alone have a boolean value. + } else if ( "label" in elem ) { + return elem.disabled === disabled; + } + + // Remaining elements are neither :enabled nor :disabled + return false; + }; +} + +/** + * Returns a function to use in pseudos for positionals + * @param {Function} fn + */ +function createPositionalPseudo( fn ) { + return markFunction( function( argument ) { + argument = +argument; + return markFunction( function( seed, matches ) { + var j, + matchIndexes = fn( [], seed.length, argument ), + i = matchIndexes.length; + + // Match elements found at the specified indexes + while ( i-- ) { + if ( seed[ ( j = matchIndexes[ i ] ) ] ) { + seed[ j ] = !( matches[ j ] = seed[ j ] ); + } + } + } ); + } ); +} + +/** + * Checks a node for validity as a Sizzle context + * @param {Element|Object=} context + * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value + */ +function testContext( context ) { + return context && typeof context.getElementsByTagName !== "undefined" && context; +} + +// Expose support vars for convenience +support = Sizzle.support = {}; + +/** + * Detects XML nodes + * @param {Element|Object} elem An element or a document + * @returns {Boolean} True iff elem is a non-HTML XML node + */ +isXML = Sizzle.isXML = function( elem ) { + var namespace = elem.namespaceURI, + docElem = ( elem.ownerDocument || elem ).documentElement; + + // Support: IE <=8 + // Assume HTML when documentElement doesn't yet exist, such as inside loading iframes + // https://bugs.jquery.com/ticket/4833 + return !rhtml.test( namespace || docElem && docElem.nodeName || "HTML" ); +}; + +/** + * Sets document-related variables once based on the current document + * @param {Element|Object} [doc] An element or document object to use to set the document + * @returns {Object} Returns the current document + */ +setDocument = Sizzle.setDocument = function( node ) { + var hasCompare, subWindow, + doc = node ? node.ownerDocument || node : preferredDoc; + + // Return early if doc is invalid or already selected + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( doc == document || doc.nodeType !== 9 || !doc.documentElement ) { + return document; + } + + // Update global variables + document = doc; + docElem = document.documentElement; + documentIsHTML = !isXML( document ); + + // Support: IE 9 - 11+, Edge 12 - 18+ + // Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936) + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( preferredDoc != document && + ( subWindow = document.defaultView ) && subWindow.top !== subWindow ) { + + // Support: IE 11, Edge + if ( subWindow.addEventListener ) { + subWindow.addEventListener( "unload", unloadHandler, false ); + + // Support: IE 9 - 10 only + } else if ( subWindow.attachEvent ) { + subWindow.attachEvent( "onunload", unloadHandler ); + } + } + + // Support: IE 8 - 11+, Edge 12 - 18+, Chrome <=16 - 25 only, Firefox <=3.6 - 31 only, + // Safari 4 - 5 only, Opera <=11.6 - 12.x only + // IE/Edge & older browsers don't support the :scope pseudo-class. + // Support: Safari 6.0 only + // Safari 6.0 supports :scope but it's an alias of :root there. + support.scope = assert( function( el ) { + docElem.appendChild( el ).appendChild( document.createElement( "div" ) ); + return typeof el.querySelectorAll !== "undefined" && + !el.querySelectorAll( ":scope fieldset div" ).length; + } ); + + /* Attributes + ---------------------------------------------------------------------- */ + + // Support: IE<8 + // Verify that getAttribute really returns attributes and not properties + // (excepting IE8 booleans) + support.attributes = assert( function( el ) { + el.className = "i"; + return !el.getAttribute( "className" ); + } ); + + /* getElement(s)By* + ---------------------------------------------------------------------- */ + + // Check if getElementsByTagName("*") returns only elements + support.getElementsByTagName = assert( function( el ) { + el.appendChild( document.createComment( "" ) ); + return !el.getElementsByTagName( "*" ).length; + } ); + + // Support: IE<9 + support.getElementsByClassName = rnative.test( document.getElementsByClassName ); + + // Support: IE<10 + // Check if getElementById returns elements by name + // The broken getElementById methods don't pick up programmatically-set names, + // so use a roundabout getElementsByName test + support.getById = assert( function( el ) { + docElem.appendChild( el ).id = expando; + return !document.getElementsByName || !document.getElementsByName( expando ).length; + } ); + + // ID filter and find + if ( support.getById ) { + Expr.filter[ "ID" ] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + return elem.getAttribute( "id" ) === attrId; + }; + }; + Expr.find[ "ID" ] = function( id, context ) { + if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { + var elem = context.getElementById( id ); + return elem ? [ elem ] : []; + } + }; + } else { + Expr.filter[ "ID" ] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + var node = typeof elem.getAttributeNode !== "undefined" && + elem.getAttributeNode( "id" ); + return node && node.value === attrId; + }; + }; + + // Support: IE 6 - 7 only + // getElementById is not reliable as a find shortcut + Expr.find[ "ID" ] = function( id, context ) { + if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { + var node, i, elems, + elem = context.getElementById( id ); + + if ( elem ) { + + // Verify the id attribute + node = elem.getAttributeNode( "id" ); + if ( node && node.value === id ) { + return [ elem ]; + } + + // Fall back on getElementsByName + elems = context.getElementsByName( id ); + i = 0; + while ( ( elem = elems[ i++ ] ) ) { + node = elem.getAttributeNode( "id" ); + if ( node && node.value === id ) { + return [ elem ]; + } + } + } + + return []; + } + }; + } + + // Tag + Expr.find[ "TAG" ] = support.getElementsByTagName ? + function( tag, context ) { + if ( typeof context.getElementsByTagName !== "undefined" ) { + return context.getElementsByTagName( tag ); + + // DocumentFragment nodes don't have gEBTN + } else if ( support.qsa ) { + return context.querySelectorAll( tag ); + } + } : + + function( tag, context ) { + var elem, + tmp = [], + i = 0, + + // By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too + results = context.getElementsByTagName( tag ); + + // Filter out possible comments + if ( tag === "*" ) { + while ( ( elem = results[ i++ ] ) ) { + if ( elem.nodeType === 1 ) { + tmp.push( elem ); + } + } + + return tmp; + } + return results; + }; + + // Class + Expr.find[ "CLASS" ] = support.getElementsByClassName && function( className, context ) { + if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) { + return context.getElementsByClassName( className ); + } + }; + + /* QSA/matchesSelector + ---------------------------------------------------------------------- */ + + // QSA and matchesSelector support + + // matchesSelector(:active) reports false when true (IE9/Opera 11.5) + rbuggyMatches = []; + + // qSa(:focus) reports false when true (Chrome 21) + // We allow this because of a bug in IE8/9 that throws an error + // whenever `document.activeElement` is accessed on an iframe + // So, we allow :focus to pass through QSA all the time to avoid the IE error + // See https://bugs.jquery.com/ticket/13378 + rbuggyQSA = []; + + if ( ( support.qsa = rnative.test( document.querySelectorAll ) ) ) { + + // Build QSA regex + // Regex strategy adopted from Diego Perini + assert( function( el ) { + + var input; + + // Select is set to empty string on purpose + // This is to test IE's treatment of not explicitly + // setting a boolean content attribute, + // since its presence should be enough + // https://bugs.jquery.com/ticket/12359 + docElem.appendChild( el ).innerHTML = "" + + ""; + + // Support: IE8, Opera 11-12.16 + // Nothing should be selected when empty strings follow ^= or $= or *= + // The test attribute must be unknown in Opera but "safe" for WinRT + // https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section + if ( el.querySelectorAll( "[msallowcapture^='']" ).length ) { + rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" ); + } + + // Support: IE8 + // Boolean attributes and "value" are not treated correctly + if ( !el.querySelectorAll( "[selected]" ).length ) { + rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" ); + } + + // Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+ + if ( !el.querySelectorAll( "[id~=" + expando + "-]" ).length ) { + rbuggyQSA.push( "~=" ); + } + + // Support: IE 11+, Edge 15 - 18+ + // IE 11/Edge don't find elements on a `[name='']` query in some cases. + // Adding a temporary attribute to the document before the selection works + // around the issue. + // Interestingly, IE 10 & older don't seem to have the issue. + input = document.createElement( "input" ); + input.setAttribute( "name", "" ); + el.appendChild( input ); + if ( !el.querySelectorAll( "[name='']" ).length ) { + rbuggyQSA.push( "\\[" + whitespace + "*name" + whitespace + "*=" + + whitespace + "*(?:''|\"\")" ); + } + + // Webkit/Opera - :checked should return selected option elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + // IE8 throws error here and will not see later tests + if ( !el.querySelectorAll( ":checked" ).length ) { + rbuggyQSA.push( ":checked" ); + } + + // Support: Safari 8+, iOS 8+ + // https://bugs.webkit.org/show_bug.cgi?id=136851 + // In-page `selector#id sibling-combinator selector` fails + if ( !el.querySelectorAll( "a#" + expando + "+*" ).length ) { + rbuggyQSA.push( ".#.+[+~]" ); + } + + // Support: Firefox <=3.6 - 5 only + // Old Firefox doesn't throw on a badly-escaped identifier. + el.querySelectorAll( "\\\f" ); + rbuggyQSA.push( "[\\r\\n\\f]" ); + } ); + + assert( function( el ) { + el.innerHTML = "" + + ""; + + // Support: Windows 8 Native Apps + // The type and name attributes are restricted during .innerHTML assignment + var input = document.createElement( "input" ); + input.setAttribute( "type", "hidden" ); + el.appendChild( input ).setAttribute( "name", "D" ); + + // Support: IE8 + // Enforce case-sensitivity of name attribute + if ( el.querySelectorAll( "[name=d]" ).length ) { + rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" ); + } + + // FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled) + // IE8 throws error here and will not see later tests + if ( el.querySelectorAll( ":enabled" ).length !== 2 ) { + rbuggyQSA.push( ":enabled", ":disabled" ); + } + + // Support: IE9-11+ + // IE's :disabled selector does not pick up the children of disabled fieldsets + docElem.appendChild( el ).disabled = true; + if ( el.querySelectorAll( ":disabled" ).length !== 2 ) { + rbuggyQSA.push( ":enabled", ":disabled" ); + } + + // Support: Opera 10 - 11 only + // Opera 10-11 does not throw on post-comma invalid pseudos + el.querySelectorAll( "*,:x" ); + rbuggyQSA.push( ",.*:" ); + } ); + } + + if ( ( support.matchesSelector = rnative.test( ( matches = docElem.matches || + docElem.webkitMatchesSelector || + docElem.mozMatchesSelector || + docElem.oMatchesSelector || + docElem.msMatchesSelector ) ) ) ) { + + assert( function( el ) { + + // Check to see if it's possible to do matchesSelector + // on a disconnected node (IE 9) + support.disconnectedMatch = matches.call( el, "*" ); + + // This should fail with an exception + // Gecko does not error, returns false instead + matches.call( el, "[s!='']:x" ); + rbuggyMatches.push( "!=", pseudos ); + } ); + } + + rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join( "|" ) ); + rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join( "|" ) ); + + /* Contains + ---------------------------------------------------------------------- */ + hasCompare = rnative.test( docElem.compareDocumentPosition ); + + // Element contains another + // Purposefully self-exclusive + // As in, an element does not contain itself + contains = hasCompare || rnative.test( docElem.contains ) ? + function( a, b ) { + var adown = a.nodeType === 9 ? a.documentElement : a, + bup = b && b.parentNode; + return a === bup || !!( bup && bup.nodeType === 1 && ( + adown.contains ? + adown.contains( bup ) : + a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16 + ) ); + } : + function( a, b ) { + if ( b ) { + while ( ( b = b.parentNode ) ) { + if ( b === a ) { + return true; + } + } + } + return false; + }; + + /* Sorting + ---------------------------------------------------------------------- */ + + // Document order sorting + sortOrder = hasCompare ? + function( a, b ) { + + // Flag for duplicate removal + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + // Sort on method existence if only one input has compareDocumentPosition + var compare = !a.compareDocumentPosition - !b.compareDocumentPosition; + if ( compare ) { + return compare; + } + + // Calculate position if both inputs belong to the same document + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + compare = ( a.ownerDocument || a ) == ( b.ownerDocument || b ) ? + a.compareDocumentPosition( b ) : + + // Otherwise we know they are disconnected + 1; + + // Disconnected nodes + if ( compare & 1 || + ( !support.sortDetached && b.compareDocumentPosition( a ) === compare ) ) { + + // Choose the first element that is related to our preferred document + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( a == document || a.ownerDocument == preferredDoc && + contains( preferredDoc, a ) ) { + return -1; + } + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( b == document || b.ownerDocument == preferredDoc && + contains( preferredDoc, b ) ) { + return 1; + } + + // Maintain original order + return sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + } + + return compare & 4 ? -1 : 1; + } : + function( a, b ) { + + // Exit early if the nodes are identical + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + var cur, + i = 0, + aup = a.parentNode, + bup = b.parentNode, + ap = [ a ], + bp = [ b ]; + + // Parentless nodes are either documents or disconnected + if ( !aup || !bup ) { + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + /* eslint-disable eqeqeq */ + return a == document ? -1 : + b == document ? 1 : + /* eslint-enable eqeqeq */ + aup ? -1 : + bup ? 1 : + sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + + // If the nodes are siblings, we can do a quick check + } else if ( aup === bup ) { + return siblingCheck( a, b ); + } + + // Otherwise we need full lists of their ancestors for comparison + cur = a; + while ( ( cur = cur.parentNode ) ) { + ap.unshift( cur ); + } + cur = b; + while ( ( cur = cur.parentNode ) ) { + bp.unshift( cur ); + } + + // Walk down the tree looking for a discrepancy + while ( ap[ i ] === bp[ i ] ) { + i++; + } + + return i ? + + // Do a sibling check if the nodes have a common ancestor + siblingCheck( ap[ i ], bp[ i ] ) : + + // Otherwise nodes in our document sort first + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + /* eslint-disable eqeqeq */ + ap[ i ] == preferredDoc ? -1 : + bp[ i ] == preferredDoc ? 1 : + /* eslint-enable eqeqeq */ + 0; + }; + + return document; +}; + +Sizzle.matches = function( expr, elements ) { + return Sizzle( expr, null, null, elements ); +}; + +Sizzle.matchesSelector = function( elem, expr ) { + setDocument( elem ); + + if ( support.matchesSelector && documentIsHTML && + !nonnativeSelectorCache[ expr + " " ] && + ( !rbuggyMatches || !rbuggyMatches.test( expr ) ) && + ( !rbuggyQSA || !rbuggyQSA.test( expr ) ) ) { + + try { + var ret = matches.call( elem, expr ); + + // IE 9's matchesSelector returns false on disconnected nodes + if ( ret || support.disconnectedMatch || + + // As well, disconnected nodes are said to be in a document + // fragment in IE 9 + elem.document && elem.document.nodeType !== 11 ) { + return ret; + } + } catch ( e ) { + nonnativeSelectorCache( expr, true ); + } + } + + return Sizzle( expr, document, null, [ elem ] ).length > 0; +}; + +Sizzle.contains = function( context, elem ) { + + // Set document vars if needed + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( ( context.ownerDocument || context ) != document ) { + setDocument( context ); + } + return contains( context, elem ); +}; + +Sizzle.attr = function( elem, name ) { + + // Set document vars if needed + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( ( elem.ownerDocument || elem ) != document ) { + setDocument( elem ); + } + + var fn = Expr.attrHandle[ name.toLowerCase() ], + + // Don't get fooled by Object.prototype properties (jQuery #13807) + val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ? + fn( elem, name, !documentIsHTML ) : + undefined; + + return val !== undefined ? + val : + support.attributes || !documentIsHTML ? + elem.getAttribute( name ) : + ( val = elem.getAttributeNode( name ) ) && val.specified ? + val.value : + null; +}; + +Sizzle.escape = function( sel ) { + return ( sel + "" ).replace( rcssescape, fcssescape ); +}; + +Sizzle.error = function( msg ) { + throw new Error( "Syntax error, unrecognized expression: " + msg ); +}; + +/** + * Document sorting and removing duplicates + * @param {ArrayLike} results + */ +Sizzle.uniqueSort = function( results ) { + var elem, + duplicates = [], + j = 0, + i = 0; + + // Unless we *know* we can detect duplicates, assume their presence + hasDuplicate = !support.detectDuplicates; + sortInput = !support.sortStable && results.slice( 0 ); + results.sort( sortOrder ); + + if ( hasDuplicate ) { + while ( ( elem = results[ i++ ] ) ) { + if ( elem === results[ i ] ) { + j = duplicates.push( i ); + } + } + while ( j-- ) { + results.splice( duplicates[ j ], 1 ); + } + } + + // Clear input after sorting to release objects + // See https://github.com/jquery/sizzle/pull/225 + sortInput = null; + + return results; +}; + +/** + * Utility function for retrieving the text value of an array of DOM nodes + * @param {Array|Element} elem + */ +getText = Sizzle.getText = function( elem ) { + var node, + ret = "", + i = 0, + nodeType = elem.nodeType; + + if ( !nodeType ) { + + // If no nodeType, this is expected to be an array + while ( ( node = elem[ i++ ] ) ) { + + // Do not traverse comment nodes + ret += getText( node ); + } + } else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) { + + // Use textContent for elements + // innerText usage removed for consistency of new lines (jQuery #11153) + if ( typeof elem.textContent === "string" ) { + return elem.textContent; + } else { + + // Traverse its children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + ret += getText( elem ); + } + } + } else if ( nodeType === 3 || nodeType === 4 ) { + return elem.nodeValue; + } + + // Do not include comment or processing instruction nodes + + return ret; +}; + +Expr = Sizzle.selectors = { + + // Can be adjusted by the user + cacheLength: 50, + + createPseudo: markFunction, + + match: matchExpr, + + attrHandle: {}, + + find: {}, + + relative: { + ">": { dir: "parentNode", first: true }, + " ": { dir: "parentNode" }, + "+": { dir: "previousSibling", first: true }, + "~": { dir: "previousSibling" } + }, + + preFilter: { + "ATTR": function( match ) { + match[ 1 ] = match[ 1 ].replace( runescape, funescape ); + + // Move the given value to match[3] whether quoted or unquoted + match[ 3 ] = ( match[ 3 ] || match[ 4 ] || + match[ 5 ] || "" ).replace( runescape, funescape ); + + if ( match[ 2 ] === "~=" ) { + match[ 3 ] = " " + match[ 3 ] + " "; + } + + return match.slice( 0, 4 ); + }, + + "CHILD": function( match ) { + + /* matches from matchExpr["CHILD"] + 1 type (only|nth|...) + 2 what (child|of-type) + 3 argument (even|odd|\d*|\d*n([+-]\d+)?|...) + 4 xn-component of xn+y argument ([+-]?\d*n|) + 5 sign of xn-component + 6 x of xn-component + 7 sign of y-component + 8 y of y-component + */ + match[ 1 ] = match[ 1 ].toLowerCase(); + + if ( match[ 1 ].slice( 0, 3 ) === "nth" ) { + + // nth-* requires argument + if ( !match[ 3 ] ) { + Sizzle.error( match[ 0 ] ); + } + + // numeric x and y parameters for Expr.filter.CHILD + // remember that false/true cast respectively to 0/1 + match[ 4 ] = +( match[ 4 ] ? + match[ 5 ] + ( match[ 6 ] || 1 ) : + 2 * ( match[ 3 ] === "even" || match[ 3 ] === "odd" ) ); + match[ 5 ] = +( ( match[ 7 ] + match[ 8 ] ) || match[ 3 ] === "odd" ); + + // other types prohibit arguments + } else if ( match[ 3 ] ) { + Sizzle.error( match[ 0 ] ); + } + + return match; + }, + + "PSEUDO": function( match ) { + var excess, + unquoted = !match[ 6 ] && match[ 2 ]; + + if ( matchExpr[ "CHILD" ].test( match[ 0 ] ) ) { + return null; + } + + // Accept quoted arguments as-is + if ( match[ 3 ] ) { + match[ 2 ] = match[ 4 ] || match[ 5 ] || ""; + + // Strip excess characters from unquoted arguments + } else if ( unquoted && rpseudo.test( unquoted ) && + + // Get excess from tokenize (recursively) + ( excess = tokenize( unquoted, true ) ) && + + // advance to the next closing parenthesis + ( excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length ) ) { + + // excess is a negative index + match[ 0 ] = match[ 0 ].slice( 0, excess ); + match[ 2 ] = unquoted.slice( 0, excess ); + } + + // Return only captures needed by the pseudo filter method (type and argument) + return match.slice( 0, 3 ); + } + }, + + filter: { + + "TAG": function( nodeNameSelector ) { + var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase(); + return nodeNameSelector === "*" ? + function() { + return true; + } : + function( elem ) { + return elem.nodeName && elem.nodeName.toLowerCase() === nodeName; + }; + }, + + "CLASS": function( className ) { + var pattern = classCache[ className + " " ]; + + return pattern || + ( pattern = new RegExp( "(^|" + whitespace + + ")" + className + "(" + whitespace + "|$)" ) ) && classCache( + className, function( elem ) { + return pattern.test( + typeof elem.className === "string" && elem.className || + typeof elem.getAttribute !== "undefined" && + elem.getAttribute( "class" ) || + "" + ); + } ); + }, + + "ATTR": function( name, operator, check ) { + return function( elem ) { + var result = Sizzle.attr( elem, name ); + + if ( result == null ) { + return operator === "!="; + } + if ( !operator ) { + return true; + } + + result += ""; + + /* eslint-disable max-len */ + + return operator === "=" ? result === check : + operator === "!=" ? result !== check : + operator === "^=" ? check && result.indexOf( check ) === 0 : + operator === "*=" ? check && result.indexOf( check ) > -1 : + operator === "$=" ? check && result.slice( -check.length ) === check : + operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 : + operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" : + false; + /* eslint-enable max-len */ + + }; + }, + + "CHILD": function( type, what, _argument, first, last ) { + var simple = type.slice( 0, 3 ) !== "nth", + forward = type.slice( -4 ) !== "last", + ofType = what === "of-type"; + + return first === 1 && last === 0 ? + + // Shortcut for :nth-*(n) + function( elem ) { + return !!elem.parentNode; + } : + + function( elem, _context, xml ) { + var cache, uniqueCache, outerCache, node, nodeIndex, start, + dir = simple !== forward ? "nextSibling" : "previousSibling", + parent = elem.parentNode, + name = ofType && elem.nodeName.toLowerCase(), + useCache = !xml && !ofType, + diff = false; + + if ( parent ) { + + // :(first|last|only)-(child|of-type) + if ( simple ) { + while ( dir ) { + node = elem; + while ( ( node = node[ dir ] ) ) { + if ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) { + + return false; + } + } + + // Reverse direction for :only-* (if we haven't yet done so) + start = dir = type === "only" && !start && "nextSibling"; + } + return true; + } + + start = [ forward ? parent.firstChild : parent.lastChild ]; + + // non-xml :nth-child(...) stores cache data on `parent` + if ( forward && useCache ) { + + // Seek `elem` from a previously-cached index + + // ...in a gzip-friendly way + node = parent; + outerCache = node[ expando ] || ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex && cache[ 2 ]; + node = nodeIndex && parent.childNodes[ nodeIndex ]; + + while ( ( node = ++nodeIndex && node && node[ dir ] || + + // Fallback to seeking `elem` from the start + ( diff = nodeIndex = 0 ) || start.pop() ) ) { + + // When found, cache indexes on `parent` and break + if ( node.nodeType === 1 && ++diff && node === elem ) { + uniqueCache[ type ] = [ dirruns, nodeIndex, diff ]; + break; + } + } + + } else { + + // Use previously-cached element index if available + if ( useCache ) { + + // ...in a gzip-friendly way + node = elem; + outerCache = node[ expando ] || ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex; + } + + // xml :nth-child(...) + // or :nth-last-child(...) or :nth(-last)?-of-type(...) + if ( diff === false ) { + + // Use the same loop as above to seek `elem` from the start + while ( ( node = ++nodeIndex && node && node[ dir ] || + ( diff = nodeIndex = 0 ) || start.pop() ) ) { + + if ( ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) && + ++diff ) { + + // Cache the index of each encountered element + if ( useCache ) { + outerCache = node[ expando ] || + ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + uniqueCache[ type ] = [ dirruns, diff ]; + } + + if ( node === elem ) { + break; + } + } + } + } + } + + // Incorporate the offset, then check against cycle size + diff -= last; + return diff === first || ( diff % first === 0 && diff / first >= 0 ); + } + }; + }, + + "PSEUDO": function( pseudo, argument ) { + + // pseudo-class names are case-insensitive + // http://www.w3.org/TR/selectors/#pseudo-classes + // Prioritize by case sensitivity in case custom pseudos are added with uppercase letters + // Remember that setFilters inherits from pseudos + var args, + fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] || + Sizzle.error( "unsupported pseudo: " + pseudo ); + + // The user may use createPseudo to indicate that + // arguments are needed to create the filter function + // just as Sizzle does + if ( fn[ expando ] ) { + return fn( argument ); + } + + // But maintain support for old signatures + if ( fn.length > 1 ) { + args = [ pseudo, pseudo, "", argument ]; + return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ? + markFunction( function( seed, matches ) { + var idx, + matched = fn( seed, argument ), + i = matched.length; + while ( i-- ) { + idx = indexOf( seed, matched[ i ] ); + seed[ idx ] = !( matches[ idx ] = matched[ i ] ); + } + } ) : + function( elem ) { + return fn( elem, 0, args ); + }; + } + + return fn; + } + }, + + pseudos: { + + // Potentially complex pseudos + "not": markFunction( function( selector ) { + + // Trim the selector passed to compile + // to avoid treating leading and trailing + // spaces as combinators + var input = [], + results = [], + matcher = compile( selector.replace( rtrim, "$1" ) ); + + return matcher[ expando ] ? + markFunction( function( seed, matches, _context, xml ) { + var elem, + unmatched = matcher( seed, null, xml, [] ), + i = seed.length; + + // Match elements unmatched by `matcher` + while ( i-- ) { + if ( ( elem = unmatched[ i ] ) ) { + seed[ i ] = !( matches[ i ] = elem ); + } + } + } ) : + function( elem, _context, xml ) { + input[ 0 ] = elem; + matcher( input, null, xml, results ); + + // Don't keep the element (issue #299) + input[ 0 ] = null; + return !results.pop(); + }; + } ), + + "has": markFunction( function( selector ) { + return function( elem ) { + return Sizzle( selector, elem ).length > 0; + }; + } ), + + "contains": markFunction( function( text ) { + text = text.replace( runescape, funescape ); + return function( elem ) { + return ( elem.textContent || getText( elem ) ).indexOf( text ) > -1; + }; + } ), + + // "Whether an element is represented by a :lang() selector + // is based solely on the element's language value + // being equal to the identifier C, + // or beginning with the identifier C immediately followed by "-". + // The matching of C against the element's language value is performed case-insensitively. + // The identifier C does not have to be a valid language name." + // http://www.w3.org/TR/selectors/#lang-pseudo + "lang": markFunction( function( lang ) { + + // lang value must be a valid identifier + if ( !ridentifier.test( lang || "" ) ) { + Sizzle.error( "unsupported lang: " + lang ); + } + lang = lang.replace( runescape, funescape ).toLowerCase(); + return function( elem ) { + var elemLang; + do { + if ( ( elemLang = documentIsHTML ? + elem.lang : + elem.getAttribute( "xml:lang" ) || elem.getAttribute( "lang" ) ) ) { + + elemLang = elemLang.toLowerCase(); + return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0; + } + } while ( ( elem = elem.parentNode ) && elem.nodeType === 1 ); + return false; + }; + } ), + + // Miscellaneous + "target": function( elem ) { + var hash = window.location && window.location.hash; + return hash && hash.slice( 1 ) === elem.id; + }, + + "root": function( elem ) { + return elem === docElem; + }, + + "focus": function( elem ) { + return elem === document.activeElement && + ( !document.hasFocus || document.hasFocus() ) && + !!( elem.type || elem.href || ~elem.tabIndex ); + }, + + // Boolean properties + "enabled": createDisabledPseudo( false ), + "disabled": createDisabledPseudo( true ), + + "checked": function( elem ) { + + // In CSS3, :checked should return both checked and selected elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + var nodeName = elem.nodeName.toLowerCase(); + return ( nodeName === "input" && !!elem.checked ) || + ( nodeName === "option" && !!elem.selected ); + }, + + "selected": function( elem ) { + + // Accessing this property makes selected-by-default + // options in Safari work properly + if ( elem.parentNode ) { + // eslint-disable-next-line no-unused-expressions + elem.parentNode.selectedIndex; + } + + return elem.selected === true; + }, + + // Contents + "empty": function( elem ) { + + // http://www.w3.org/TR/selectors/#empty-pseudo + // :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5), + // but not by others (comment: 8; processing instruction: 7; etc.) + // nodeType < 6 works because attributes (2) do not appear as children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + if ( elem.nodeType < 6 ) { + return false; + } + } + return true; + }, + + "parent": function( elem ) { + return !Expr.pseudos[ "empty" ]( elem ); + }, + + // Element/input types + "header": function( elem ) { + return rheader.test( elem.nodeName ); + }, + + "input": function( elem ) { + return rinputs.test( elem.nodeName ); + }, + + "button": function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === "button" || name === "button"; + }, + + "text": function( elem ) { + var attr; + return elem.nodeName.toLowerCase() === "input" && + elem.type === "text" && + + // Support: IE<8 + // New HTML5 attribute values (e.g., "search") appear with elem.type === "text" + ( ( attr = elem.getAttribute( "type" ) ) == null || + attr.toLowerCase() === "text" ); + }, + + // Position-in-collection + "first": createPositionalPseudo( function() { + return [ 0 ]; + } ), + + "last": createPositionalPseudo( function( _matchIndexes, length ) { + return [ length - 1 ]; + } ), + + "eq": createPositionalPseudo( function( _matchIndexes, length, argument ) { + return [ argument < 0 ? argument + length : argument ]; + } ), + + "even": createPositionalPseudo( function( matchIndexes, length ) { + var i = 0; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "odd": createPositionalPseudo( function( matchIndexes, length ) { + var i = 1; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "lt": createPositionalPseudo( function( matchIndexes, length, argument ) { + var i = argument < 0 ? + argument + length : + argument > length ? + length : + argument; + for ( ; --i >= 0; ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "gt": createPositionalPseudo( function( matchIndexes, length, argument ) { + var i = argument < 0 ? argument + length : argument; + for ( ; ++i < length; ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ) + } +}; + +Expr.pseudos[ "nth" ] = Expr.pseudos[ "eq" ]; + +// Add button/input type pseudos +for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) { + Expr.pseudos[ i ] = createInputPseudo( i ); +} +for ( i in { submit: true, reset: true } ) { + Expr.pseudos[ i ] = createButtonPseudo( i ); +} + +// Easy API for creating new setFilters +function setFilters() {} +setFilters.prototype = Expr.filters = Expr.pseudos; +Expr.setFilters = new setFilters(); + +tokenize = Sizzle.tokenize = function( selector, parseOnly ) { + var matched, match, tokens, type, + soFar, groups, preFilters, + cached = tokenCache[ selector + " " ]; + + if ( cached ) { + return parseOnly ? 0 : cached.slice( 0 ); + } + + soFar = selector; + groups = []; + preFilters = Expr.preFilter; + + while ( soFar ) { + + // Comma and first run + if ( !matched || ( match = rcomma.exec( soFar ) ) ) { + if ( match ) { + + // Don't consume trailing commas as valid + soFar = soFar.slice( match[ 0 ].length ) || soFar; + } + groups.push( ( tokens = [] ) ); + } + + matched = false; + + // Combinators + if ( ( match = rcombinators.exec( soFar ) ) ) { + matched = match.shift(); + tokens.push( { + value: matched, + + // Cast descendant combinators to space + type: match[ 0 ].replace( rtrim, " " ) + } ); + soFar = soFar.slice( matched.length ); + } + + // Filters + for ( type in Expr.filter ) { + if ( ( match = matchExpr[ type ].exec( soFar ) ) && ( !preFilters[ type ] || + ( match = preFilters[ type ]( match ) ) ) ) { + matched = match.shift(); + tokens.push( { + value: matched, + type: type, + matches: match + } ); + soFar = soFar.slice( matched.length ); + } + } + + if ( !matched ) { + break; + } + } + + // Return the length of the invalid excess + // if we're just parsing + // Otherwise, throw an error or return tokens + return parseOnly ? + soFar.length : + soFar ? + Sizzle.error( selector ) : + + // Cache the tokens + tokenCache( selector, groups ).slice( 0 ); +}; + +function toSelector( tokens ) { + var i = 0, + len = tokens.length, + selector = ""; + for ( ; i < len; i++ ) { + selector += tokens[ i ].value; + } + return selector; +} + +function addCombinator( matcher, combinator, base ) { + var dir = combinator.dir, + skip = combinator.next, + key = skip || dir, + checkNonElements = base && key === "parentNode", + doneName = done++; + + return combinator.first ? + + // Check against closest ancestor/preceding element + function( elem, context, xml ) { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + return matcher( elem, context, xml ); + } + } + return false; + } : + + // Check against all ancestor/preceding elements + function( elem, context, xml ) { + var oldCache, uniqueCache, outerCache, + newCache = [ dirruns, doneName ]; + + // We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching + if ( xml ) { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + if ( matcher( elem, context, xml ) ) { + return true; + } + } + } + } else { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + outerCache = elem[ expando ] || ( elem[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ elem.uniqueID ] || + ( outerCache[ elem.uniqueID ] = {} ); + + if ( skip && skip === elem.nodeName.toLowerCase() ) { + elem = elem[ dir ] || elem; + } else if ( ( oldCache = uniqueCache[ key ] ) && + oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) { + + // Assign to newCache so results back-propagate to previous elements + return ( newCache[ 2 ] = oldCache[ 2 ] ); + } else { + + // Reuse newcache so results back-propagate to previous elements + uniqueCache[ key ] = newCache; + + // A match means we're done; a fail means we have to keep checking + if ( ( newCache[ 2 ] = matcher( elem, context, xml ) ) ) { + return true; + } + } + } + } + } + return false; + }; +} + +function elementMatcher( matchers ) { + return matchers.length > 1 ? + function( elem, context, xml ) { + var i = matchers.length; + while ( i-- ) { + if ( !matchers[ i ]( elem, context, xml ) ) { + return false; + } + } + return true; + } : + matchers[ 0 ]; +} + +function multipleContexts( selector, contexts, results ) { + var i = 0, + len = contexts.length; + for ( ; i < len; i++ ) { + Sizzle( selector, contexts[ i ], results ); + } + return results; +} + +function condense( unmatched, map, filter, context, xml ) { + var elem, + newUnmatched = [], + i = 0, + len = unmatched.length, + mapped = map != null; + + for ( ; i < len; i++ ) { + if ( ( elem = unmatched[ i ] ) ) { + if ( !filter || filter( elem, context, xml ) ) { + newUnmatched.push( elem ); + if ( mapped ) { + map.push( i ); + } + } + } + } + + return newUnmatched; +} + +function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) { + if ( postFilter && !postFilter[ expando ] ) { + postFilter = setMatcher( postFilter ); + } + if ( postFinder && !postFinder[ expando ] ) { + postFinder = setMatcher( postFinder, postSelector ); + } + return markFunction( function( seed, results, context, xml ) { + var temp, i, elem, + preMap = [], + postMap = [], + preexisting = results.length, + + // Get initial elements from seed or context + elems = seed || multipleContexts( + selector || "*", + context.nodeType ? [ context ] : context, + [] + ), + + // Prefilter to get matcher input, preserving a map for seed-results synchronization + matcherIn = preFilter && ( seed || !selector ) ? + condense( elems, preMap, preFilter, context, xml ) : + elems, + + matcherOut = matcher ? + + // If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results, + postFinder || ( seed ? preFilter : preexisting || postFilter ) ? + + // ...intermediate processing is necessary + [] : + + // ...otherwise use results directly + results : + matcherIn; + + // Find primary matches + if ( matcher ) { + matcher( matcherIn, matcherOut, context, xml ); + } + + // Apply postFilter + if ( postFilter ) { + temp = condense( matcherOut, postMap ); + postFilter( temp, [], context, xml ); + + // Un-match failing elements by moving them back to matcherIn + i = temp.length; + while ( i-- ) { + if ( ( elem = temp[ i ] ) ) { + matcherOut[ postMap[ i ] ] = !( matcherIn[ postMap[ i ] ] = elem ); + } + } + } + + if ( seed ) { + if ( postFinder || preFilter ) { + if ( postFinder ) { + + // Get the final matcherOut by condensing this intermediate into postFinder contexts + temp = []; + i = matcherOut.length; + while ( i-- ) { + if ( ( elem = matcherOut[ i ] ) ) { + + // Restore matcherIn since elem is not yet a final match + temp.push( ( matcherIn[ i ] = elem ) ); + } + } + postFinder( null, ( matcherOut = [] ), temp, xml ); + } + + // Move matched elements from seed to results to keep them synchronized + i = matcherOut.length; + while ( i-- ) { + if ( ( elem = matcherOut[ i ] ) && + ( temp = postFinder ? indexOf( seed, elem ) : preMap[ i ] ) > -1 ) { + + seed[ temp ] = !( results[ temp ] = elem ); + } + } + } + + // Add elements to results, through postFinder if defined + } else { + matcherOut = condense( + matcherOut === results ? + matcherOut.splice( preexisting, matcherOut.length ) : + matcherOut + ); + if ( postFinder ) { + postFinder( null, results, matcherOut, xml ); + } else { + push.apply( results, matcherOut ); + } + } + } ); +} + +function matcherFromTokens( tokens ) { + var checkContext, matcher, j, + len = tokens.length, + leadingRelative = Expr.relative[ tokens[ 0 ].type ], + implicitRelative = leadingRelative || Expr.relative[ " " ], + i = leadingRelative ? 1 : 0, + + // The foundational matcher ensures that elements are reachable from top-level context(s) + matchContext = addCombinator( function( elem ) { + return elem === checkContext; + }, implicitRelative, true ), + matchAnyContext = addCombinator( function( elem ) { + return indexOf( checkContext, elem ) > -1; + }, implicitRelative, true ), + matchers = [ function( elem, context, xml ) { + var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || ( + ( checkContext = context ).nodeType ? + matchContext( elem, context, xml ) : + matchAnyContext( elem, context, xml ) ); + + // Avoid hanging onto element (issue #299) + checkContext = null; + return ret; + } ]; + + for ( ; i < len; i++ ) { + if ( ( matcher = Expr.relative[ tokens[ i ].type ] ) ) { + matchers = [ addCombinator( elementMatcher( matchers ), matcher ) ]; + } else { + matcher = Expr.filter[ tokens[ i ].type ].apply( null, tokens[ i ].matches ); + + // Return special upon seeing a positional matcher + if ( matcher[ expando ] ) { + + // Find the next relative operator (if any) for proper handling + j = ++i; + for ( ; j < len; j++ ) { + if ( Expr.relative[ tokens[ j ].type ] ) { + break; + } + } + return setMatcher( + i > 1 && elementMatcher( matchers ), + i > 1 && toSelector( + + // If the preceding token was a descendant combinator, insert an implicit any-element `*` + tokens + .slice( 0, i - 1 ) + .concat( { value: tokens[ i - 2 ].type === " " ? "*" : "" } ) + ).replace( rtrim, "$1" ), + matcher, + i < j && matcherFromTokens( tokens.slice( i, j ) ), + j < len && matcherFromTokens( ( tokens = tokens.slice( j ) ) ), + j < len && toSelector( tokens ) + ); + } + matchers.push( matcher ); + } + } + + return elementMatcher( matchers ); +} + +function matcherFromGroupMatchers( elementMatchers, setMatchers ) { + var bySet = setMatchers.length > 0, + byElement = elementMatchers.length > 0, + superMatcher = function( seed, context, xml, results, outermost ) { + var elem, j, matcher, + matchedCount = 0, + i = "0", + unmatched = seed && [], + setMatched = [], + contextBackup = outermostContext, + + // We must always have either seed elements or outermost context + elems = seed || byElement && Expr.find[ "TAG" ]( "*", outermost ), + + // Use integer dirruns iff this is the outermost matcher + dirrunsUnique = ( dirruns += contextBackup == null ? 1 : Math.random() || 0.1 ), + len = elems.length; + + if ( outermost ) { + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + outermostContext = context == document || context || outermost; + } + + // Add elements passing elementMatchers directly to results + // Support: IE<9, Safari + // Tolerate NodeList properties (IE: "length"; Safari: ) matching elements by id + for ( ; i !== len && ( elem = elems[ i ] ) != null; i++ ) { + if ( byElement && elem ) { + j = 0; + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( !context && elem.ownerDocument != document ) { + setDocument( elem ); + xml = !documentIsHTML; + } + while ( ( matcher = elementMatchers[ j++ ] ) ) { + if ( matcher( elem, context || document, xml ) ) { + results.push( elem ); + break; + } + } + if ( outermost ) { + dirruns = dirrunsUnique; + } + } + + // Track unmatched elements for set filters + if ( bySet ) { + + // They will have gone through all possible matchers + if ( ( elem = !matcher && elem ) ) { + matchedCount--; + } + + // Lengthen the array for every element, matched or not + if ( seed ) { + unmatched.push( elem ); + } + } + } + + // `i` is now the count of elements visited above, and adding it to `matchedCount` + // makes the latter nonnegative. + matchedCount += i; + + // Apply set filters to unmatched elements + // NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount` + // equals `i`), unless we didn't visit _any_ elements in the above loop because we have + // no element matchers and no seed. + // Incrementing an initially-string "0" `i` allows `i` to remain a string only in that + // case, which will result in a "00" `matchedCount` that differs from `i` but is also + // numerically zero. + if ( bySet && i !== matchedCount ) { + j = 0; + while ( ( matcher = setMatchers[ j++ ] ) ) { + matcher( unmatched, setMatched, context, xml ); + } + + if ( seed ) { + + // Reintegrate element matches to eliminate the need for sorting + if ( matchedCount > 0 ) { + while ( i-- ) { + if ( !( unmatched[ i ] || setMatched[ i ] ) ) { + setMatched[ i ] = pop.call( results ); + } + } + } + + // Discard index placeholder values to get only actual matches + setMatched = condense( setMatched ); + } + + // Add matches to results + push.apply( results, setMatched ); + + // Seedless set matches succeeding multiple successful matchers stipulate sorting + if ( outermost && !seed && setMatched.length > 0 && + ( matchedCount + setMatchers.length ) > 1 ) { + + Sizzle.uniqueSort( results ); + } + } + + // Override manipulation of globals by nested matchers + if ( outermost ) { + dirruns = dirrunsUnique; + outermostContext = contextBackup; + } + + return unmatched; + }; + + return bySet ? + markFunction( superMatcher ) : + superMatcher; +} + +compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) { + var i, + setMatchers = [], + elementMatchers = [], + cached = compilerCache[ selector + " " ]; + + if ( !cached ) { + + // Generate a function of recursive functions that can be used to check each element + if ( !match ) { + match = tokenize( selector ); + } + i = match.length; + while ( i-- ) { + cached = matcherFromTokens( match[ i ] ); + if ( cached[ expando ] ) { + setMatchers.push( cached ); + } else { + elementMatchers.push( cached ); + } + } + + // Cache the compiled function + cached = compilerCache( + selector, + matcherFromGroupMatchers( elementMatchers, setMatchers ) + ); + + // Save selector and tokenization + cached.selector = selector; + } + return cached; +}; + +/** + * A low-level selection function that works with Sizzle's compiled + * selector functions + * @param {String|Function} selector A selector or a pre-compiled + * selector function built with Sizzle.compile + * @param {Element} context + * @param {Array} [results] + * @param {Array} [seed] A set of elements to match against + */ +select = Sizzle.select = function( selector, context, results, seed ) { + var i, tokens, token, type, find, + compiled = typeof selector === "function" && selector, + match = !seed && tokenize( ( selector = compiled.selector || selector ) ); + + results = results || []; + + // Try to minimize operations if there is only one selector in the list and no seed + // (the latter of which guarantees us context) + if ( match.length === 1 ) { + + // Reduce context if the leading compound selector is an ID + tokens = match[ 0 ] = match[ 0 ].slice( 0 ); + if ( tokens.length > 2 && ( token = tokens[ 0 ] ).type === "ID" && + context.nodeType === 9 && documentIsHTML && Expr.relative[ tokens[ 1 ].type ] ) { + + context = ( Expr.find[ "ID" ]( token.matches[ 0 ] + .replace( runescape, funescape ), context ) || [] )[ 0 ]; + if ( !context ) { + return results; + + // Precompiled matchers will still verify ancestry, so step up a level + } else if ( compiled ) { + context = context.parentNode; + } + + selector = selector.slice( tokens.shift().value.length ); + } + + // Fetch a seed set for right-to-left matching + i = matchExpr[ "needsContext" ].test( selector ) ? 0 : tokens.length; + while ( i-- ) { + token = tokens[ i ]; + + // Abort if we hit a combinator + if ( Expr.relative[ ( type = token.type ) ] ) { + break; + } + if ( ( find = Expr.find[ type ] ) ) { + + // Search, expanding context for leading sibling combinators + if ( ( seed = find( + token.matches[ 0 ].replace( runescape, funescape ), + rsibling.test( tokens[ 0 ].type ) && testContext( context.parentNode ) || + context + ) ) ) { + + // If seed is empty or no tokens remain, we can return early + tokens.splice( i, 1 ); + selector = seed.length && toSelector( tokens ); + if ( !selector ) { + push.apply( results, seed ); + return results; + } + + break; + } + } + } + } + + // Compile and execute a filtering function if one is not provided + // Provide `match` to avoid retokenization if we modified the selector above + ( compiled || compile( selector, match ) )( + seed, + context, + !documentIsHTML, + results, + !context || rsibling.test( selector ) && testContext( context.parentNode ) || context + ); + return results; +}; + +// One-time assignments + +// Sort stability +support.sortStable = expando.split( "" ).sort( sortOrder ).join( "" ) === expando; + +// Support: Chrome 14-35+ +// Always assume duplicates if they aren't passed to the comparison function +support.detectDuplicates = !!hasDuplicate; + +// Initialize against the default document +setDocument(); + +// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27) +// Detached nodes confoundingly follow *each other* +support.sortDetached = assert( function( el ) { + + // Should return 1, but returns 4 (following) + return el.compareDocumentPosition( document.createElement( "fieldset" ) ) & 1; +} ); + +// Support: IE<8 +// Prevent attribute/property "interpolation" +// https://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx +if ( !assert( function( el ) { + el.innerHTML = ""; + return el.firstChild.getAttribute( "href" ) === "#"; +} ) ) { + addHandle( "type|href|height|width", function( elem, name, isXML ) { + if ( !isXML ) { + return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 ); + } + } ); +} + +// Support: IE<9 +// Use defaultValue in place of getAttribute("value") +if ( !support.attributes || !assert( function( el ) { + el.innerHTML = ""; + el.firstChild.setAttribute( "value", "" ); + return el.firstChild.getAttribute( "value" ) === ""; +} ) ) { + addHandle( "value", function( elem, _name, isXML ) { + if ( !isXML && elem.nodeName.toLowerCase() === "input" ) { + return elem.defaultValue; + } + } ); +} + +// Support: IE<9 +// Use getAttributeNode to fetch booleans when getAttribute lies +if ( !assert( function( el ) { + return el.getAttribute( "disabled" ) == null; +} ) ) { + addHandle( booleans, function( elem, name, isXML ) { + var val; + if ( !isXML ) { + return elem[ name ] === true ? name.toLowerCase() : + ( val = elem.getAttributeNode( name ) ) && val.specified ? + val.value : + null; + } + } ); +} + +return Sizzle; + +} )( window ); + + + +jQuery.find = Sizzle; +jQuery.expr = Sizzle.selectors; + +// Deprecated +jQuery.expr[ ":" ] = jQuery.expr.pseudos; +jQuery.uniqueSort = jQuery.unique = Sizzle.uniqueSort; +jQuery.text = Sizzle.getText; +jQuery.isXMLDoc = Sizzle.isXML; +jQuery.contains = Sizzle.contains; +jQuery.escapeSelector = Sizzle.escape; + + + + +var dir = function( elem, dir, until ) { + var matched = [], + truncate = until !== undefined; + + while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) { + if ( elem.nodeType === 1 ) { + if ( truncate && jQuery( elem ).is( until ) ) { + break; + } + matched.push( elem ); + } + } + return matched; +}; + + +var siblings = function( n, elem ) { + var matched = []; + + for ( ; n; n = n.nextSibling ) { + if ( n.nodeType === 1 && n !== elem ) { + matched.push( n ); + } + } + + return matched; +}; + + +var rneedsContext = jQuery.expr.match.needsContext; + + + +function nodeName( elem, name ) { + + return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase(); + +}; +var rsingleTag = ( /^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i ); + + + +// Implement the identical functionality for filter and not +function winnow( elements, qualifier, not ) { + if ( isFunction( qualifier ) ) { + return jQuery.grep( elements, function( elem, i ) { + return !!qualifier.call( elem, i, elem ) !== not; + } ); + } + + // Single element + if ( qualifier.nodeType ) { + return jQuery.grep( elements, function( elem ) { + return ( elem === qualifier ) !== not; + } ); + } + + // Arraylike of elements (jQuery, arguments, Array) + if ( typeof qualifier !== "string" ) { + return jQuery.grep( elements, function( elem ) { + return ( indexOf.call( qualifier, elem ) > -1 ) !== not; + } ); + } + + // Filtered directly for both simple and complex selectors + return jQuery.filter( qualifier, elements, not ); +} + +jQuery.filter = function( expr, elems, not ) { + var elem = elems[ 0 ]; + + if ( not ) { + expr = ":not(" + expr + ")"; + } + + if ( elems.length === 1 && elem.nodeType === 1 ) { + return jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : []; + } + + return jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) { + return elem.nodeType === 1; + } ) ); +}; + +jQuery.fn.extend( { + find: function( selector ) { + var i, ret, + len = this.length, + self = this; + + if ( typeof selector !== "string" ) { + return this.pushStack( jQuery( selector ).filter( function() { + for ( i = 0; i < len; i++ ) { + if ( jQuery.contains( self[ i ], this ) ) { + return true; + } + } + } ) ); + } + + ret = this.pushStack( [] ); + + for ( i = 0; i < len; i++ ) { + jQuery.find( selector, self[ i ], ret ); + } + + return len > 1 ? jQuery.uniqueSort( ret ) : ret; + }, + filter: function( selector ) { + return this.pushStack( winnow( this, selector || [], false ) ); + }, + not: function( selector ) { + return this.pushStack( winnow( this, selector || [], true ) ); + }, + is: function( selector ) { + return !!winnow( + this, + + // If this is a positional/relative selector, check membership in the returned set + // so $("p:first").is("p:last") won't return true for a doc with two "p". + typeof selector === "string" && rneedsContext.test( selector ) ? + jQuery( selector ) : + selector || [], + false + ).length; + } +} ); + + +// Initialize a jQuery object + + +// A central reference to the root jQuery(document) +var rootjQuery, + + // A simple way to check for HTML strings + // Prioritize #id over to avoid XSS via location.hash (#9521) + // Strict HTML recognition (#11290: must start with <) + // Shortcut simple #id case for speed + rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/, + + init = jQuery.fn.init = function( selector, context, root ) { + var match, elem; + + // HANDLE: $(""), $(null), $(undefined), $(false) + if ( !selector ) { + return this; + } + + // Method init() accepts an alternate rootjQuery + // so migrate can support jQuery.sub (gh-2101) + root = root || rootjQuery; + + // Handle HTML strings + if ( typeof selector === "string" ) { + if ( selector[ 0 ] === "<" && + selector[ selector.length - 1 ] === ">" && + selector.length >= 3 ) { + + // Assume that strings that start and end with <> are HTML and skip the regex check + match = [ null, selector, null ]; + + } else { + match = rquickExpr.exec( selector ); + } + + // Match html or make sure no context is specified for #id + if ( match && ( match[ 1 ] || !context ) ) { + + // HANDLE: $(html) -> $(array) + if ( match[ 1 ] ) { + context = context instanceof jQuery ? context[ 0 ] : context; + + // Option to run scripts is true for back-compat + // Intentionally let the error be thrown if parseHTML is not present + jQuery.merge( this, jQuery.parseHTML( + match[ 1 ], + context && context.nodeType ? context.ownerDocument || context : document, + true + ) ); + + // HANDLE: $(html, props) + if ( rsingleTag.test( match[ 1 ] ) && jQuery.isPlainObject( context ) ) { + for ( match in context ) { + + // Properties of context are called as methods if possible + if ( isFunction( this[ match ] ) ) { + this[ match ]( context[ match ] ); + + // ...and otherwise set as attributes + } else { + this.attr( match, context[ match ] ); + } + } + } + + return this; + + // HANDLE: $(#id) + } else { + elem = document.getElementById( match[ 2 ] ); + + if ( elem ) { + + // Inject the element directly into the jQuery object + this[ 0 ] = elem; + this.length = 1; + } + return this; + } + + // HANDLE: $(expr, $(...)) + } else if ( !context || context.jquery ) { + return ( context || root ).find( selector ); + + // HANDLE: $(expr, context) + // (which is just equivalent to: $(context).find(expr) + } else { + return this.constructor( context ).find( selector ); + } + + // HANDLE: $(DOMElement) + } else if ( selector.nodeType ) { + this[ 0 ] = selector; + this.length = 1; + return this; + + // HANDLE: $(function) + // Shortcut for document ready + } else if ( isFunction( selector ) ) { + return root.ready !== undefined ? + root.ready( selector ) : + + // Execute immediately if ready is not present + selector( jQuery ); + } + + return jQuery.makeArray( selector, this ); + }; + +// Give the init function the jQuery prototype for later instantiation +init.prototype = jQuery.fn; + +// Initialize central reference +rootjQuery = jQuery( document ); + + +var rparentsprev = /^(?:parents|prev(?:Until|All))/, + + // Methods guaranteed to produce a unique set when starting from a unique set + guaranteedUnique = { + children: true, + contents: true, + next: true, + prev: true + }; + +jQuery.fn.extend( { + has: function( target ) { + var targets = jQuery( target, this ), + l = targets.length; + + return this.filter( function() { + var i = 0; + for ( ; i < l; i++ ) { + if ( jQuery.contains( this, targets[ i ] ) ) { + return true; + } + } + } ); + }, + + closest: function( selectors, context ) { + var cur, + i = 0, + l = this.length, + matched = [], + targets = typeof selectors !== "string" && jQuery( selectors ); + + // Positional selectors never match, since there's no _selection_ context + if ( !rneedsContext.test( selectors ) ) { + for ( ; i < l; i++ ) { + for ( cur = this[ i ]; cur && cur !== context; cur = cur.parentNode ) { + + // Always skip document fragments + if ( cur.nodeType < 11 && ( targets ? + targets.index( cur ) > -1 : + + // Don't pass non-elements to Sizzle + cur.nodeType === 1 && + jQuery.find.matchesSelector( cur, selectors ) ) ) { + + matched.push( cur ); + break; + } + } + } + } + + return this.pushStack( matched.length > 1 ? jQuery.uniqueSort( matched ) : matched ); + }, + + // Determine the position of an element within the set + index: function( elem ) { + + // No argument, return index in parent + if ( !elem ) { + return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1; + } + + // Index in selector + if ( typeof elem === "string" ) { + return indexOf.call( jQuery( elem ), this[ 0 ] ); + } + + // Locate the position of the desired element + return indexOf.call( this, + + // If it receives a jQuery object, the first element is used + elem.jquery ? elem[ 0 ] : elem + ); + }, + + add: function( selector, context ) { + return this.pushStack( + jQuery.uniqueSort( + jQuery.merge( this.get(), jQuery( selector, context ) ) + ) + ); + }, + + addBack: function( selector ) { + return this.add( selector == null ? + this.prevObject : this.prevObject.filter( selector ) + ); + } +} ); + +function sibling( cur, dir ) { + while ( ( cur = cur[ dir ] ) && cur.nodeType !== 1 ) {} + return cur; +} + +jQuery.each( { + parent: function( elem ) { + var parent = elem.parentNode; + return parent && parent.nodeType !== 11 ? parent : null; + }, + parents: function( elem ) { + return dir( elem, "parentNode" ); + }, + parentsUntil: function( elem, _i, until ) { + return dir( elem, "parentNode", until ); + }, + next: function( elem ) { + return sibling( elem, "nextSibling" ); + }, + prev: function( elem ) { + return sibling( elem, "previousSibling" ); + }, + nextAll: function( elem ) { + return dir( elem, "nextSibling" ); + }, + prevAll: function( elem ) { + return dir( elem, "previousSibling" ); + }, + nextUntil: function( elem, _i, until ) { + return dir( elem, "nextSibling", until ); + }, + prevUntil: function( elem, _i, until ) { + return dir( elem, "previousSibling", until ); + }, + siblings: function( elem ) { + return siblings( ( elem.parentNode || {} ).firstChild, elem ); + }, + children: function( elem ) { + return siblings( elem.firstChild ); + }, + contents: function( elem ) { + if ( elem.contentDocument != null && + + // Support: IE 11+ + // elements with no `data` attribute has an object + // `contentDocument` with a `null` prototype. + getProto( elem.contentDocument ) ) { + + return elem.contentDocument; + } + + // Support: IE 9 - 11 only, iOS 7 only, Android Browser <=4.3 only + // Treat the template element as a regular one in browsers that + // don't support it. + if ( nodeName( elem, "template" ) ) { + elem = elem.content || elem; + } + + return jQuery.merge( [], elem.childNodes ); + } +}, function( name, fn ) { + jQuery.fn[ name ] = function( until, selector ) { + var matched = jQuery.map( this, fn, until ); + + if ( name.slice( -5 ) !== "Until" ) { + selector = until; + } + + if ( selector && typeof selector === "string" ) { + matched = jQuery.filter( selector, matched ); + } + + if ( this.length > 1 ) { + + // Remove duplicates + if ( !guaranteedUnique[ name ] ) { + jQuery.uniqueSort( matched ); + } + + // Reverse order for parents* and prev-derivatives + if ( rparentsprev.test( name ) ) { + matched.reverse(); + } + } + + return this.pushStack( matched ); + }; +} ); +var rnothtmlwhite = ( /[^\x20\t\r\n\f]+/g ); + + + +// Convert String-formatted options into Object-formatted ones +function createOptions( options ) { + var object = {}; + jQuery.each( options.match( rnothtmlwhite ) || [], function( _, flag ) { + object[ flag ] = true; + } ); + return object; +} + +/* + * Create a callback list using the following parameters: + * + * options: an optional list of space-separated options that will change how + * the callback list behaves or a more traditional option object + * + * By default a callback list will act like an event callback list and can be + * "fired" multiple times. + * + * Possible options: + * + * once: will ensure the callback list can only be fired once (like a Deferred) + * + * memory: will keep track of previous values and will call any callback added + * after the list has been fired right away with the latest "memorized" + * values (like a Deferred) + * + * unique: will ensure a callback can only be added once (no duplicate in the list) + * + * stopOnFalse: interrupt callings when a callback returns false + * + */ +jQuery.Callbacks = function( options ) { + + // Convert options from String-formatted to Object-formatted if needed + // (we check in cache first) + options = typeof options === "string" ? + createOptions( options ) : + jQuery.extend( {}, options ); + + var // Flag to know if list is currently firing + firing, + + // Last fire value for non-forgettable lists + memory, + + // Flag to know if list was already fired + fired, + + // Flag to prevent firing + locked, + + // Actual callback list + list = [], + + // Queue of execution data for repeatable lists + queue = [], + + // Index of currently firing callback (modified by add/remove as needed) + firingIndex = -1, + + // Fire callbacks + fire = function() { + + // Enforce single-firing + locked = locked || options.once; + + // Execute callbacks for all pending executions, + // respecting firingIndex overrides and runtime changes + fired = firing = true; + for ( ; queue.length; firingIndex = -1 ) { + memory = queue.shift(); + while ( ++firingIndex < list.length ) { + + // Run callback and check for early termination + if ( list[ firingIndex ].apply( memory[ 0 ], memory[ 1 ] ) === false && + options.stopOnFalse ) { + + // Jump to end and forget the data so .add doesn't re-fire + firingIndex = list.length; + memory = false; + } + } + } + + // Forget the data if we're done with it + if ( !options.memory ) { + memory = false; + } + + firing = false; + + // Clean up if we're done firing for good + if ( locked ) { + + // Keep an empty list if we have data for future add calls + if ( memory ) { + list = []; + + // Otherwise, this object is spent + } else { + list = ""; + } + } + }, + + // Actual Callbacks object + self = { + + // Add a callback or a collection of callbacks to the list + add: function() { + if ( list ) { + + // If we have memory from a past run, we should fire after adding + if ( memory && !firing ) { + firingIndex = list.length - 1; + queue.push( memory ); + } + + ( function add( args ) { + jQuery.each( args, function( _, arg ) { + if ( isFunction( arg ) ) { + if ( !options.unique || !self.has( arg ) ) { + list.push( arg ); + } + } else if ( arg && arg.length && toType( arg ) !== "string" ) { + + // Inspect recursively + add( arg ); + } + } ); + } )( arguments ); + + if ( memory && !firing ) { + fire(); + } + } + return this; + }, + + // Remove a callback from the list + remove: function() { + jQuery.each( arguments, function( _, arg ) { + var index; + while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) { + list.splice( index, 1 ); + + // Handle firing indexes + if ( index <= firingIndex ) { + firingIndex--; + } + } + } ); + return this; + }, + + // Check if a given callback is in the list. + // If no argument is given, return whether or not list has callbacks attached. + has: function( fn ) { + return fn ? + jQuery.inArray( fn, list ) > -1 : + list.length > 0; + }, + + // Remove all callbacks from the list + empty: function() { + if ( list ) { + list = []; + } + return this; + }, + + // Disable .fire and .add + // Abort any current/pending executions + // Clear all callbacks and values + disable: function() { + locked = queue = []; + list = memory = ""; + return this; + }, + disabled: function() { + return !list; + }, + + // Disable .fire + // Also disable .add unless we have memory (since it would have no effect) + // Abort any pending executions + lock: function() { + locked = queue = []; + if ( !memory && !firing ) { + list = memory = ""; + } + return this; + }, + locked: function() { + return !!locked; + }, + + // Call all callbacks with the given context and arguments + fireWith: function( context, args ) { + if ( !locked ) { + args = args || []; + args = [ context, args.slice ? args.slice() : args ]; + queue.push( args ); + if ( !firing ) { + fire(); + } + } + return this; + }, + + // Call all the callbacks with the given arguments + fire: function() { + self.fireWith( this, arguments ); + return this; + }, + + // To know if the callbacks have already been called at least once + fired: function() { + return !!fired; + } + }; + + return self; +}; + + +function Identity( v ) { + return v; +} +function Thrower( ex ) { + throw ex; +} + +function adoptValue( value, resolve, reject, noValue ) { + var method; + + try { + + // Check for promise aspect first to privilege synchronous behavior + if ( value && isFunction( ( method = value.promise ) ) ) { + method.call( value ).done( resolve ).fail( reject ); + + // Other thenables + } else if ( value && isFunction( ( method = value.then ) ) ) { + method.call( value, resolve, reject ); + + // Other non-thenables + } else { + + // Control `resolve` arguments by letting Array#slice cast boolean `noValue` to integer: + // * false: [ value ].slice( 0 ) => resolve( value ) + // * true: [ value ].slice( 1 ) => resolve() + resolve.apply( undefined, [ value ].slice( noValue ) ); + } + + // For Promises/A+, convert exceptions into rejections + // Since jQuery.when doesn't unwrap thenables, we can skip the extra checks appearing in + // Deferred#then to conditionally suppress rejection. + } catch ( value ) { + + // Support: Android 4.0 only + // Strict mode functions invoked without .call/.apply get global-object context + reject.apply( undefined, [ value ] ); + } +} + +jQuery.extend( { + + Deferred: function( func ) { + var tuples = [ + + // action, add listener, callbacks, + // ... .then handlers, argument index, [final state] + [ "notify", "progress", jQuery.Callbacks( "memory" ), + jQuery.Callbacks( "memory" ), 2 ], + [ "resolve", "done", jQuery.Callbacks( "once memory" ), + jQuery.Callbacks( "once memory" ), 0, "resolved" ], + [ "reject", "fail", jQuery.Callbacks( "once memory" ), + jQuery.Callbacks( "once memory" ), 1, "rejected" ] + ], + state = "pending", + promise = { + state: function() { + return state; + }, + always: function() { + deferred.done( arguments ).fail( arguments ); + return this; + }, + "catch": function( fn ) { + return promise.then( null, fn ); + }, + + // Keep pipe for back-compat + pipe: function( /* fnDone, fnFail, fnProgress */ ) { + var fns = arguments; + + return jQuery.Deferred( function( newDefer ) { + jQuery.each( tuples, function( _i, tuple ) { + + // Map tuples (progress, done, fail) to arguments (done, fail, progress) + var fn = isFunction( fns[ tuple[ 4 ] ] ) && fns[ tuple[ 4 ] ]; + + // deferred.progress(function() { bind to newDefer or newDefer.notify }) + // deferred.done(function() { bind to newDefer or newDefer.resolve }) + // deferred.fail(function() { bind to newDefer or newDefer.reject }) + deferred[ tuple[ 1 ] ]( function() { + var returned = fn && fn.apply( this, arguments ); + if ( returned && isFunction( returned.promise ) ) { + returned.promise() + .progress( newDefer.notify ) + .done( newDefer.resolve ) + .fail( newDefer.reject ); + } else { + newDefer[ tuple[ 0 ] + "With" ]( + this, + fn ? [ returned ] : arguments + ); + } + } ); + } ); + fns = null; + } ).promise(); + }, + then: function( onFulfilled, onRejected, onProgress ) { + var maxDepth = 0; + function resolve( depth, deferred, handler, special ) { + return function() { + var that = this, + args = arguments, + mightThrow = function() { + var returned, then; + + // Support: Promises/A+ section 2.3.3.3.3 + // https://promisesaplus.com/#point-59 + // Ignore double-resolution attempts + if ( depth < maxDepth ) { + return; + } + + returned = handler.apply( that, args ); + + // Support: Promises/A+ section 2.3.1 + // https://promisesaplus.com/#point-48 + if ( returned === deferred.promise() ) { + throw new TypeError( "Thenable self-resolution" ); + } + + // Support: Promises/A+ sections 2.3.3.1, 3.5 + // https://promisesaplus.com/#point-54 + // https://promisesaplus.com/#point-75 + // Retrieve `then` only once + then = returned && + + // Support: Promises/A+ section 2.3.4 + // https://promisesaplus.com/#point-64 + // Only check objects and functions for thenability + ( typeof returned === "object" || + typeof returned === "function" ) && + returned.then; + + // Handle a returned thenable + if ( isFunction( then ) ) { + + // Special processors (notify) just wait for resolution + if ( special ) { + then.call( + returned, + resolve( maxDepth, deferred, Identity, special ), + resolve( maxDepth, deferred, Thrower, special ) + ); + + // Normal processors (resolve) also hook into progress + } else { + + // ...and disregard older resolution values + maxDepth++; + + then.call( + returned, + resolve( maxDepth, deferred, Identity, special ), + resolve( maxDepth, deferred, Thrower, special ), + resolve( maxDepth, deferred, Identity, + deferred.notifyWith ) + ); + } + + // Handle all other returned values + } else { + + // Only substitute handlers pass on context + // and multiple values (non-spec behavior) + if ( handler !== Identity ) { + that = undefined; + args = [ returned ]; + } + + // Process the value(s) + // Default process is resolve + ( special || deferred.resolveWith )( that, args ); + } + }, + + // Only normal processors (resolve) catch and reject exceptions + process = special ? + mightThrow : + function() { + try { + mightThrow(); + } catch ( e ) { + + if ( jQuery.Deferred.exceptionHook ) { + jQuery.Deferred.exceptionHook( e, + process.stackTrace ); + } + + // Support: Promises/A+ section 2.3.3.3.4.1 + // https://promisesaplus.com/#point-61 + // Ignore post-resolution exceptions + if ( depth + 1 >= maxDepth ) { + + // Only substitute handlers pass on context + // and multiple values (non-spec behavior) + if ( handler !== Thrower ) { + that = undefined; + args = [ e ]; + } + + deferred.rejectWith( that, args ); + } + } + }; + + // Support: Promises/A+ section 2.3.3.3.1 + // https://promisesaplus.com/#point-57 + // Re-resolve promises immediately to dodge false rejection from + // subsequent errors + if ( depth ) { + process(); + } else { + + // Call an optional hook to record the stack, in case of exception + // since it's otherwise lost when execution goes async + if ( jQuery.Deferred.getStackHook ) { + process.stackTrace = jQuery.Deferred.getStackHook(); + } + window.setTimeout( process ); + } + }; + } + + return jQuery.Deferred( function( newDefer ) { + + // progress_handlers.add( ... ) + tuples[ 0 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onProgress ) ? + onProgress : + Identity, + newDefer.notifyWith + ) + ); + + // fulfilled_handlers.add( ... ) + tuples[ 1 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onFulfilled ) ? + onFulfilled : + Identity + ) + ); + + // rejected_handlers.add( ... ) + tuples[ 2 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onRejected ) ? + onRejected : + Thrower + ) + ); + } ).promise(); + }, + + // Get a promise for this deferred + // If obj is provided, the promise aspect is added to the object + promise: function( obj ) { + return obj != null ? jQuery.extend( obj, promise ) : promise; + } + }, + deferred = {}; + + // Add list-specific methods + jQuery.each( tuples, function( i, tuple ) { + var list = tuple[ 2 ], + stateString = tuple[ 5 ]; + + // promise.progress = list.add + // promise.done = list.add + // promise.fail = list.add + promise[ tuple[ 1 ] ] = list.add; + + // Handle state + if ( stateString ) { + list.add( + function() { + + // state = "resolved" (i.e., fulfilled) + // state = "rejected" + state = stateString; + }, + + // rejected_callbacks.disable + // fulfilled_callbacks.disable + tuples[ 3 - i ][ 2 ].disable, + + // rejected_handlers.disable + // fulfilled_handlers.disable + tuples[ 3 - i ][ 3 ].disable, + + // progress_callbacks.lock + tuples[ 0 ][ 2 ].lock, + + // progress_handlers.lock + tuples[ 0 ][ 3 ].lock + ); + } + + // progress_handlers.fire + // fulfilled_handlers.fire + // rejected_handlers.fire + list.add( tuple[ 3 ].fire ); + + // deferred.notify = function() { deferred.notifyWith(...) } + // deferred.resolve = function() { deferred.resolveWith(...) } + // deferred.reject = function() { deferred.rejectWith(...) } + deferred[ tuple[ 0 ] ] = function() { + deferred[ tuple[ 0 ] + "With" ]( this === deferred ? undefined : this, arguments ); + return this; + }; + + // deferred.notifyWith = list.fireWith + // deferred.resolveWith = list.fireWith + // deferred.rejectWith = list.fireWith + deferred[ tuple[ 0 ] + "With" ] = list.fireWith; + } ); + + // Make the deferred a promise + promise.promise( deferred ); + + // Call given func if any + if ( func ) { + func.call( deferred, deferred ); + } + + // All done! + return deferred; + }, + + // Deferred helper + when: function( singleValue ) { + var + + // count of uncompleted subordinates + remaining = arguments.length, + + // count of unprocessed arguments + i = remaining, + + // subordinate fulfillment data + resolveContexts = Array( i ), + resolveValues = slice.call( arguments ), + + // the master Deferred + master = jQuery.Deferred(), + + // subordinate callback factory + updateFunc = function( i ) { + return function( value ) { + resolveContexts[ i ] = this; + resolveValues[ i ] = arguments.length > 1 ? slice.call( arguments ) : value; + if ( !( --remaining ) ) { + master.resolveWith( resolveContexts, resolveValues ); + } + }; + }; + + // Single- and empty arguments are adopted like Promise.resolve + if ( remaining <= 1 ) { + adoptValue( singleValue, master.done( updateFunc( i ) ).resolve, master.reject, + !remaining ); + + // Use .then() to unwrap secondary thenables (cf. gh-3000) + if ( master.state() === "pending" || + isFunction( resolveValues[ i ] && resolveValues[ i ].then ) ) { + + return master.then(); + } + } + + // Multiple arguments are aggregated like Promise.all array elements + while ( i-- ) { + adoptValue( resolveValues[ i ], updateFunc( i ), master.reject ); + } + + return master.promise(); + } +} ); + + +// These usually indicate a programmer mistake during development, +// warn about them ASAP rather than swallowing them by default. +var rerrorNames = /^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/; + +jQuery.Deferred.exceptionHook = function( error, stack ) { + + // Support: IE 8 - 9 only + // Console exists when dev tools are open, which can happen at any time + if ( window.console && window.console.warn && error && rerrorNames.test( error.name ) ) { + window.console.warn( "jQuery.Deferred exception: " + error.message, error.stack, stack ); + } +}; + + + + +jQuery.readyException = function( error ) { + window.setTimeout( function() { + throw error; + } ); +}; + + + + +// The deferred used on DOM ready +var readyList = jQuery.Deferred(); + +jQuery.fn.ready = function( fn ) { + + readyList + .then( fn ) + + // Wrap jQuery.readyException in a function so that the lookup + // happens at the time of error handling instead of callback + // registration. + .catch( function( error ) { + jQuery.readyException( error ); + } ); + + return this; +}; + +jQuery.extend( { + + // Is the DOM ready to be used? Set to true once it occurs. + isReady: false, + + // A counter to track how many items to wait for before + // the ready event fires. See #6781 + readyWait: 1, + + // Handle when the DOM is ready + ready: function( wait ) { + + // Abort if there are pending holds or we're already ready + if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) { + return; + } + + // Remember that the DOM is ready + jQuery.isReady = true; + + // If a normal DOM Ready event fired, decrement, and wait if need be + if ( wait !== true && --jQuery.readyWait > 0 ) { + return; + } + + // If there are functions bound, to execute + readyList.resolveWith( document, [ jQuery ] ); + } +} ); + +jQuery.ready.then = readyList.then; + +// The ready event handler and self cleanup method +function completed() { + document.removeEventListener( "DOMContentLoaded", completed ); + window.removeEventListener( "load", completed ); + jQuery.ready(); +} + +// Catch cases where $(document).ready() is called +// after the browser event has already occurred. +// Support: IE <=9 - 10 only +// Older IE sometimes signals "interactive" too soon +if ( document.readyState === "complete" || + ( document.readyState !== "loading" && !document.documentElement.doScroll ) ) { + + // Handle it asynchronously to allow scripts the opportunity to delay ready + window.setTimeout( jQuery.ready ); + +} else { + + // Use the handy event callback + document.addEventListener( "DOMContentLoaded", completed ); + + // A fallback to window.onload, that will always work + window.addEventListener( "load", completed ); +} + + + + +// Multifunctional method to get and set values of a collection +// The value/s can optionally be executed if it's a function +var access = function( elems, fn, key, value, chainable, emptyGet, raw ) { + var i = 0, + len = elems.length, + bulk = key == null; + + // Sets many values + if ( toType( key ) === "object" ) { + chainable = true; + for ( i in key ) { + access( elems, fn, i, key[ i ], true, emptyGet, raw ); + } + + // Sets one value + } else if ( value !== undefined ) { + chainable = true; + + if ( !isFunction( value ) ) { + raw = true; + } + + if ( bulk ) { + + // Bulk operations run against the entire set + if ( raw ) { + fn.call( elems, value ); + fn = null; + + // ...except when executing function values + } else { + bulk = fn; + fn = function( elem, _key, value ) { + return bulk.call( jQuery( elem ), value ); + }; + } + } + + if ( fn ) { + for ( ; i < len; i++ ) { + fn( + elems[ i ], key, raw ? + value : + value.call( elems[ i ], i, fn( elems[ i ], key ) ) + ); + } + } + } + + if ( chainable ) { + return elems; + } + + // Gets + if ( bulk ) { + return fn.call( elems ); + } + + return len ? fn( elems[ 0 ], key ) : emptyGet; +}; + + +// Matches dashed string for camelizing +var rmsPrefix = /^-ms-/, + rdashAlpha = /-([a-z])/g; + +// Used by camelCase as callback to replace() +function fcamelCase( _all, letter ) { + return letter.toUpperCase(); +} + +// Convert dashed to camelCase; used by the css and data modules +// Support: IE <=9 - 11, Edge 12 - 15 +// Microsoft forgot to hump their vendor prefix (#9572) +function camelCase( string ) { + return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase ); +} +var acceptData = function( owner ) { + + // Accepts only: + // - Node + // - Node.ELEMENT_NODE + // - Node.DOCUMENT_NODE + // - Object + // - Any + return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType ); +}; + + + + +function Data() { + this.expando = jQuery.expando + Data.uid++; +} + +Data.uid = 1; + +Data.prototype = { + + cache: function( owner ) { + + // Check if the owner object already has a cache + var value = owner[ this.expando ]; + + // If not, create one + if ( !value ) { + value = {}; + + // We can accept data for non-element nodes in modern browsers, + // but we should not, see #8335. + // Always return an empty object. + if ( acceptData( owner ) ) { + + // If it is a node unlikely to be stringify-ed or looped over + // use plain assignment + if ( owner.nodeType ) { + owner[ this.expando ] = value; + + // Otherwise secure it in a non-enumerable property + // configurable must be true to allow the property to be + // deleted when data is removed + } else { + Object.defineProperty( owner, this.expando, { + value: value, + configurable: true + } ); + } + } + } + + return value; + }, + set: function( owner, data, value ) { + var prop, + cache = this.cache( owner ); + + // Handle: [ owner, key, value ] args + // Always use camelCase key (gh-2257) + if ( typeof data === "string" ) { + cache[ camelCase( data ) ] = value; + + // Handle: [ owner, { properties } ] args + } else { + + // Copy the properties one-by-one to the cache object + for ( prop in data ) { + cache[ camelCase( prop ) ] = data[ prop ]; + } + } + return cache; + }, + get: function( owner, key ) { + return key === undefined ? + this.cache( owner ) : + + // Always use camelCase key (gh-2257) + owner[ this.expando ] && owner[ this.expando ][ camelCase( key ) ]; + }, + access: function( owner, key, value ) { + + // In cases where either: + // + // 1. No key was specified + // 2. A string key was specified, but no value provided + // + // Take the "read" path and allow the get method to determine + // which value to return, respectively either: + // + // 1. The entire cache object + // 2. The data stored at the key + // + if ( key === undefined || + ( ( key && typeof key === "string" ) && value === undefined ) ) { + + return this.get( owner, key ); + } + + // When the key is not a string, or both a key and value + // are specified, set or extend (existing objects) with either: + // + // 1. An object of properties + // 2. A key and value + // + this.set( owner, key, value ); + + // Since the "set" path can have two possible entry points + // return the expected data based on which path was taken[*] + return value !== undefined ? value : key; + }, + remove: function( owner, key ) { + var i, + cache = owner[ this.expando ]; + + if ( cache === undefined ) { + return; + } + + if ( key !== undefined ) { + + // Support array or space separated string of keys + if ( Array.isArray( key ) ) { + + // If key is an array of keys... + // We always set camelCase keys, so remove that. + key = key.map( camelCase ); + } else { + key = camelCase( key ); + + // If a key with the spaces exists, use it. + // Otherwise, create an array by matching non-whitespace + key = key in cache ? + [ key ] : + ( key.match( rnothtmlwhite ) || [] ); + } + + i = key.length; + + while ( i-- ) { + delete cache[ key[ i ] ]; + } + } + + // Remove the expando if there's no more data + if ( key === undefined || jQuery.isEmptyObject( cache ) ) { + + // Support: Chrome <=35 - 45 + // Webkit & Blink performance suffers when deleting properties + // from DOM nodes, so set to undefined instead + // https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted) + if ( owner.nodeType ) { + owner[ this.expando ] = undefined; + } else { + delete owner[ this.expando ]; + } + } + }, + hasData: function( owner ) { + var cache = owner[ this.expando ]; + return cache !== undefined && !jQuery.isEmptyObject( cache ); + } +}; +var dataPriv = new Data(); + +var dataUser = new Data(); + + + +// Implementation Summary +// +// 1. Enforce API surface and semantic compatibility with 1.9.x branch +// 2. Improve the module's maintainability by reducing the storage +// paths to a single mechanism. +// 3. Use the same single mechanism to support "private" and "user" data. +// 4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData) +// 5. Avoid exposing implementation details on user objects (eg. expando properties) +// 6. Provide a clear path for implementation upgrade to WeakMap in 2014 + +var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/, + rmultiDash = /[A-Z]/g; + +function getData( data ) { + if ( data === "true" ) { + return true; + } + + if ( data === "false" ) { + return false; + } + + if ( data === "null" ) { + return null; + } + + // Only convert to a number if it doesn't change the string + if ( data === +data + "" ) { + return +data; + } + + if ( rbrace.test( data ) ) { + return JSON.parse( data ); + } + + return data; +} + +function dataAttr( elem, key, data ) { + var name; + + // If nothing was found internally, try to fetch any + // data from the HTML5 data-* attribute + if ( data === undefined && elem.nodeType === 1 ) { + name = "data-" + key.replace( rmultiDash, "-$&" ).toLowerCase(); + data = elem.getAttribute( name ); + + if ( typeof data === "string" ) { + try { + data = getData( data ); + } catch ( e ) {} + + // Make sure we set the data so it isn't changed later + dataUser.set( elem, key, data ); + } else { + data = undefined; + } + } + return data; +} + +jQuery.extend( { + hasData: function( elem ) { + return dataUser.hasData( elem ) || dataPriv.hasData( elem ); + }, + + data: function( elem, name, data ) { + return dataUser.access( elem, name, data ); + }, + + removeData: function( elem, name ) { + dataUser.remove( elem, name ); + }, + + // TODO: Now that all calls to _data and _removeData have been replaced + // with direct calls to dataPriv methods, these can be deprecated. + _data: function( elem, name, data ) { + return dataPriv.access( elem, name, data ); + }, + + _removeData: function( elem, name ) { + dataPriv.remove( elem, name ); + } +} ); + +jQuery.fn.extend( { + data: function( key, value ) { + var i, name, data, + elem = this[ 0 ], + attrs = elem && elem.attributes; + + // Gets all values + if ( key === undefined ) { + if ( this.length ) { + data = dataUser.get( elem ); + + if ( elem.nodeType === 1 && !dataPriv.get( elem, "hasDataAttrs" ) ) { + i = attrs.length; + while ( i-- ) { + + // Support: IE 11 only + // The attrs elements can be null (#14894) + if ( attrs[ i ] ) { + name = attrs[ i ].name; + if ( name.indexOf( "data-" ) === 0 ) { + name = camelCase( name.slice( 5 ) ); + dataAttr( elem, name, data[ name ] ); + } + } + } + dataPriv.set( elem, "hasDataAttrs", true ); + } + } + + return data; + } + + // Sets multiple values + if ( typeof key === "object" ) { + return this.each( function() { + dataUser.set( this, key ); + } ); + } + + return access( this, function( value ) { + var data; + + // The calling jQuery object (element matches) is not empty + // (and therefore has an element appears at this[ 0 ]) and the + // `value` parameter was not undefined. An empty jQuery object + // will result in `undefined` for elem = this[ 0 ] which will + // throw an exception if an attempt to read a data cache is made. + if ( elem && value === undefined ) { + + // Attempt to get data from the cache + // The key will always be camelCased in Data + data = dataUser.get( elem, key ); + if ( data !== undefined ) { + return data; + } + + // Attempt to "discover" the data in + // HTML5 custom data-* attrs + data = dataAttr( elem, key ); + if ( data !== undefined ) { + return data; + } + + // We tried really hard, but the data doesn't exist. + return; + } + + // Set the data... + this.each( function() { + + // We always store the camelCased key + dataUser.set( this, key, value ); + } ); + }, null, value, arguments.length > 1, null, true ); + }, + + removeData: function( key ) { + return this.each( function() { + dataUser.remove( this, key ); + } ); + } +} ); + + +jQuery.extend( { + queue: function( elem, type, data ) { + var queue; + + if ( elem ) { + type = ( type || "fx" ) + "queue"; + queue = dataPriv.get( elem, type ); + + // Speed up dequeue by getting out quickly if this is just a lookup + if ( data ) { + if ( !queue || Array.isArray( data ) ) { + queue = dataPriv.access( elem, type, jQuery.makeArray( data ) ); + } else { + queue.push( data ); + } + } + return queue || []; + } + }, + + dequeue: function( elem, type ) { + type = type || "fx"; + + var queue = jQuery.queue( elem, type ), + startLength = queue.length, + fn = queue.shift(), + hooks = jQuery._queueHooks( elem, type ), + next = function() { + jQuery.dequeue( elem, type ); + }; + + // If the fx queue is dequeued, always remove the progress sentinel + if ( fn === "inprogress" ) { + fn = queue.shift(); + startLength--; + } + + if ( fn ) { + + // Add a progress sentinel to prevent the fx queue from being + // automatically dequeued + if ( type === "fx" ) { + queue.unshift( "inprogress" ); + } + + // Clear up the last queue stop function + delete hooks.stop; + fn.call( elem, next, hooks ); + } + + if ( !startLength && hooks ) { + hooks.empty.fire(); + } + }, + + // Not public - generate a queueHooks object, or return the current one + _queueHooks: function( elem, type ) { + var key = type + "queueHooks"; + return dataPriv.get( elem, key ) || dataPriv.access( elem, key, { + empty: jQuery.Callbacks( "once memory" ).add( function() { + dataPriv.remove( elem, [ type + "queue", key ] ); + } ) + } ); + } +} ); + +jQuery.fn.extend( { + queue: function( type, data ) { + var setter = 2; + + if ( typeof type !== "string" ) { + data = type; + type = "fx"; + setter--; + } + + if ( arguments.length < setter ) { + return jQuery.queue( this[ 0 ], type ); + } + + return data === undefined ? + this : + this.each( function() { + var queue = jQuery.queue( this, type, data ); + + // Ensure a hooks for this queue + jQuery._queueHooks( this, type ); + + if ( type === "fx" && queue[ 0 ] !== "inprogress" ) { + jQuery.dequeue( this, type ); + } + } ); + }, + dequeue: function( type ) { + return this.each( function() { + jQuery.dequeue( this, type ); + } ); + }, + clearQueue: function( type ) { + return this.queue( type || "fx", [] ); + }, + + // Get a promise resolved when queues of a certain type + // are emptied (fx is the type by default) + promise: function( type, obj ) { + var tmp, + count = 1, + defer = jQuery.Deferred(), + elements = this, + i = this.length, + resolve = function() { + if ( !( --count ) ) { + defer.resolveWith( elements, [ elements ] ); + } + }; + + if ( typeof type !== "string" ) { + obj = type; + type = undefined; + } + type = type || "fx"; + + while ( i-- ) { + tmp = dataPriv.get( elements[ i ], type + "queueHooks" ); + if ( tmp && tmp.empty ) { + count++; + tmp.empty.add( resolve ); + } + } + resolve(); + return defer.promise( obj ); + } +} ); +var pnum = ( /[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/ ).source; + +var rcssNum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" ); + + +var cssExpand = [ "Top", "Right", "Bottom", "Left" ]; + +var documentElement = document.documentElement; + + + + var isAttached = function( elem ) { + return jQuery.contains( elem.ownerDocument, elem ); + }, + composed = { composed: true }; + + // Support: IE 9 - 11+, Edge 12 - 18+, iOS 10.0 - 10.2 only + // Check attachment across shadow DOM boundaries when possible (gh-3504) + // Support: iOS 10.0-10.2 only + // Early iOS 10 versions support `attachShadow` but not `getRootNode`, + // leading to errors. We need to check for `getRootNode`. + if ( documentElement.getRootNode ) { + isAttached = function( elem ) { + return jQuery.contains( elem.ownerDocument, elem ) || + elem.getRootNode( composed ) === elem.ownerDocument; + }; + } +var isHiddenWithinTree = function( elem, el ) { + + // isHiddenWithinTree might be called from jQuery#filter function; + // in that case, element will be second argument + elem = el || elem; + + // Inline style trumps all + return elem.style.display === "none" || + elem.style.display === "" && + + // Otherwise, check computed style + // Support: Firefox <=43 - 45 + // Disconnected elements can have computed display: none, so first confirm that elem is + // in the document. + isAttached( elem ) && + + jQuery.css( elem, "display" ) === "none"; + }; + + + +function adjustCSS( elem, prop, valueParts, tween ) { + var adjusted, scale, + maxIterations = 20, + currentValue = tween ? + function() { + return tween.cur(); + } : + function() { + return jQuery.css( elem, prop, "" ); + }, + initial = currentValue(), + unit = valueParts && valueParts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ), + + // Starting value computation is required for potential unit mismatches + initialInUnit = elem.nodeType && + ( jQuery.cssNumber[ prop ] || unit !== "px" && +initial ) && + rcssNum.exec( jQuery.css( elem, prop ) ); + + if ( initialInUnit && initialInUnit[ 3 ] !== unit ) { + + // Support: Firefox <=54 + // Halve the iteration target value to prevent interference from CSS upper bounds (gh-2144) + initial = initial / 2; + + // Trust units reported by jQuery.css + unit = unit || initialInUnit[ 3 ]; + + // Iteratively approximate from a nonzero starting point + initialInUnit = +initial || 1; + + while ( maxIterations-- ) { + + // Evaluate and update our best guess (doubling guesses that zero out). + // Finish if the scale equals or crosses 1 (making the old*new product non-positive). + jQuery.style( elem, prop, initialInUnit + unit ); + if ( ( 1 - scale ) * ( 1 - ( scale = currentValue() / initial || 0.5 ) ) <= 0 ) { + maxIterations = 0; + } + initialInUnit = initialInUnit / scale; + + } + + initialInUnit = initialInUnit * 2; + jQuery.style( elem, prop, initialInUnit + unit ); + + // Make sure we update the tween properties later on + valueParts = valueParts || []; + } + + if ( valueParts ) { + initialInUnit = +initialInUnit || +initial || 0; + + // Apply relative offset (+=/-=) if specified + adjusted = valueParts[ 1 ] ? + initialInUnit + ( valueParts[ 1 ] + 1 ) * valueParts[ 2 ] : + +valueParts[ 2 ]; + if ( tween ) { + tween.unit = unit; + tween.start = initialInUnit; + tween.end = adjusted; + } + } + return adjusted; +} + + +var defaultDisplayMap = {}; + +function getDefaultDisplay( elem ) { + var temp, + doc = elem.ownerDocument, + nodeName = elem.nodeName, + display = defaultDisplayMap[ nodeName ]; + + if ( display ) { + return display; + } + + temp = doc.body.appendChild( doc.createElement( nodeName ) ); + display = jQuery.css( temp, "display" ); + + temp.parentNode.removeChild( temp ); + + if ( display === "none" ) { + display = "block"; + } + defaultDisplayMap[ nodeName ] = display; + + return display; +} + +function showHide( elements, show ) { + var display, elem, + values = [], + index = 0, + length = elements.length; + + // Determine new display value for elements that need to change + for ( ; index < length; index++ ) { + elem = elements[ index ]; + if ( !elem.style ) { + continue; + } + + display = elem.style.display; + if ( show ) { + + // Since we force visibility upon cascade-hidden elements, an immediate (and slow) + // check is required in this first loop unless we have a nonempty display value (either + // inline or about-to-be-restored) + if ( display === "none" ) { + values[ index ] = dataPriv.get( elem, "display" ) || null; + if ( !values[ index ] ) { + elem.style.display = ""; + } + } + if ( elem.style.display === "" && isHiddenWithinTree( elem ) ) { + values[ index ] = getDefaultDisplay( elem ); + } + } else { + if ( display !== "none" ) { + values[ index ] = "none"; + + // Remember what we're overwriting + dataPriv.set( elem, "display", display ); + } + } + } + + // Set the display of the elements in a second loop to avoid constant reflow + for ( index = 0; index < length; index++ ) { + if ( values[ index ] != null ) { + elements[ index ].style.display = values[ index ]; + } + } + + return elements; +} + +jQuery.fn.extend( { + show: function() { + return showHide( this, true ); + }, + hide: function() { + return showHide( this ); + }, + toggle: function( state ) { + if ( typeof state === "boolean" ) { + return state ? this.show() : this.hide(); + } + + return this.each( function() { + if ( isHiddenWithinTree( this ) ) { + jQuery( this ).show(); + } else { + jQuery( this ).hide(); + } + } ); + } +} ); +var rcheckableType = ( /^(?:checkbox|radio)$/i ); + +var rtagName = ( /<([a-z][^\/\0>\x20\t\r\n\f]*)/i ); + +var rscriptType = ( /^$|^module$|\/(?:java|ecma)script/i ); + + + +( function() { + var fragment = document.createDocumentFragment(), + div = fragment.appendChild( document.createElement( "div" ) ), + input = document.createElement( "input" ); + + // Support: Android 4.0 - 4.3 only + // Check state lost if the name is set (#11217) + // Support: Windows Web Apps (WWA) + // `name` and `type` must use .setAttribute for WWA (#14901) + input.setAttribute( "type", "radio" ); + input.setAttribute( "checked", "checked" ); + input.setAttribute( "name", "t" ); + + div.appendChild( input ); + + // Support: Android <=4.1 only + // Older WebKit doesn't clone checked state correctly in fragments + support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked; + + // Support: IE <=11 only + // Make sure textarea (and checkbox) defaultValue is properly cloned + div.innerHTML = ""; + support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue; + + // Support: IE <=9 only + // IE <=9 replaces "; + support.option = !!div.lastChild; +} )(); + + +// We have to close these tags to support XHTML (#13200) +var wrapMap = { + + // XHTML parsers do not magically insert elements in the + // same way that tag soup parsers do. So we cannot shorten + // this by omitting or other required elements. + thead: [ 1, "", "
" ], + col: [ 2, "", "
" ], + tr: [ 2, "", "
" ], + td: [ 3, "", "
" ], + + _default: [ 0, "", "" ] +}; + +wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; +wrapMap.th = wrapMap.td; + +// Support: IE <=9 only +if ( !support.option ) { + wrapMap.optgroup = wrapMap.option = [ 1, "" ]; +} + + +function getAll( context, tag ) { + + // Support: IE <=9 - 11 only + // Use typeof to avoid zero-argument method invocation on host objects (#15151) + var ret; + + if ( typeof context.getElementsByTagName !== "undefined" ) { + ret = context.getElementsByTagName( tag || "*" ); + + } else if ( typeof context.querySelectorAll !== "undefined" ) { + ret = context.querySelectorAll( tag || "*" ); + + } else { + ret = []; + } + + if ( tag === undefined || tag && nodeName( context, tag ) ) { + return jQuery.merge( [ context ], ret ); + } + + return ret; +} + + +// Mark scripts as having already been evaluated +function setGlobalEval( elems, refElements ) { + var i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + dataPriv.set( + elems[ i ], + "globalEval", + !refElements || dataPriv.get( refElements[ i ], "globalEval" ) + ); + } +} + + +var rhtml = /<|&#?\w+;/; + +function buildFragment( elems, context, scripts, selection, ignored ) { + var elem, tmp, tag, wrap, attached, j, + fragment = context.createDocumentFragment(), + nodes = [], + i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + elem = elems[ i ]; + + if ( elem || elem === 0 ) { + + // Add nodes directly + if ( toType( elem ) === "object" ) { + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem ); + + // Convert non-html into a text node + } else if ( !rhtml.test( elem ) ) { + nodes.push( context.createTextNode( elem ) ); + + // Convert html into DOM nodes + } else { + tmp = tmp || fragment.appendChild( context.createElement( "div" ) ); + + // Deserialize a standard representation + tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase(); + wrap = wrapMap[ tag ] || wrapMap._default; + tmp.innerHTML = wrap[ 1 ] + jQuery.htmlPrefilter( elem ) + wrap[ 2 ]; + + // Descend through wrappers to the right content + j = wrap[ 0 ]; + while ( j-- ) { + tmp = tmp.lastChild; + } + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, tmp.childNodes ); + + // Remember the top-level container + tmp = fragment.firstChild; + + // Ensure the created nodes are orphaned (#12392) + tmp.textContent = ""; + } + } + } + + // Remove wrapper from fragment + fragment.textContent = ""; + + i = 0; + while ( ( elem = nodes[ i++ ] ) ) { + + // Skip elements already in the context collection (trac-4087) + if ( selection && jQuery.inArray( elem, selection ) > -1 ) { + if ( ignored ) { + ignored.push( elem ); + } + continue; + } + + attached = isAttached( elem ); + + // Append to fragment + tmp = getAll( fragment.appendChild( elem ), "script" ); + + // Preserve script evaluation history + if ( attached ) { + setGlobalEval( tmp ); + } + + // Capture executables + if ( scripts ) { + j = 0; + while ( ( elem = tmp[ j++ ] ) ) { + if ( rscriptType.test( elem.type || "" ) ) { + scripts.push( elem ); + } + } + } + } + + return fragment; +} + + +var + rkeyEvent = /^key/, + rmouseEvent = /^(?:mouse|pointer|contextmenu|drag|drop)|click/, + rtypenamespace = /^([^.]*)(?:\.(.+)|)/; + +function returnTrue() { + return true; +} + +function returnFalse() { + return false; +} + +// Support: IE <=9 - 11+ +// focus() and blur() are asynchronous, except when they are no-op. +// So expect focus to be synchronous when the element is already active, +// and blur to be synchronous when the element is not already active. +// (focus and blur are always synchronous in other supported browsers, +// this just defines when we can count on it). +function expectSync( elem, type ) { + return ( elem === safeActiveElement() ) === ( type === "focus" ); +} + +// Support: IE <=9 only +// Accessing document.activeElement can throw unexpectedly +// https://bugs.jquery.com/ticket/13393 +function safeActiveElement() { + try { + return document.activeElement; + } catch ( err ) { } +} + +function on( elem, types, selector, data, fn, one ) { + var origFn, type; + + // Types can be a map of types/handlers + if ( typeof types === "object" ) { + + // ( types-Object, selector, data ) + if ( typeof selector !== "string" ) { + + // ( types-Object, data ) + data = data || selector; + selector = undefined; + } + for ( type in types ) { + on( elem, type, selector, data, types[ type ], one ); + } + return elem; + } + + if ( data == null && fn == null ) { + + // ( types, fn ) + fn = selector; + data = selector = undefined; + } else if ( fn == null ) { + if ( typeof selector === "string" ) { + + // ( types, selector, fn ) + fn = data; + data = undefined; + } else { + + // ( types, data, fn ) + fn = data; + data = selector; + selector = undefined; + } + } + if ( fn === false ) { + fn = returnFalse; + } else if ( !fn ) { + return elem; + } + + if ( one === 1 ) { + origFn = fn; + fn = function( event ) { + + // Can use an empty set, since event contains the info + jQuery().off( event ); + return origFn.apply( this, arguments ); + }; + + // Use same guid so caller can remove using origFn + fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ ); + } + return elem.each( function() { + jQuery.event.add( this, types, fn, data, selector ); + } ); +} + +/* + * Helper functions for managing events -- not part of the public interface. + * Props to Dean Edwards' addEvent library for many of the ideas. + */ +jQuery.event = { + + global: {}, + + add: function( elem, types, handler, data, selector ) { + + var handleObjIn, eventHandle, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.get( elem ); + + // Only attach events to objects that accept data + if ( !acceptData( elem ) ) { + return; + } + + // Caller can pass in an object of custom data in lieu of the handler + if ( handler.handler ) { + handleObjIn = handler; + handler = handleObjIn.handler; + selector = handleObjIn.selector; + } + + // Ensure that invalid selectors throw exceptions at attach time + // Evaluate against documentElement in case elem is a non-element node (e.g., document) + if ( selector ) { + jQuery.find.matchesSelector( documentElement, selector ); + } + + // Make sure that the handler has a unique ID, used to find/remove it later + if ( !handler.guid ) { + handler.guid = jQuery.guid++; + } + + // Init the element's event structure and main handler, if this is the first + if ( !( events = elemData.events ) ) { + events = elemData.events = Object.create( null ); + } + if ( !( eventHandle = elemData.handle ) ) { + eventHandle = elemData.handle = function( e ) { + + // Discard the second event of a jQuery.event.trigger() and + // when an event is called after a page has unloaded + return typeof jQuery !== "undefined" && jQuery.event.triggered !== e.type ? + jQuery.event.dispatch.apply( elem, arguments ) : undefined; + }; + } + + // Handle multiple events separated by a space + types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // There *must* be a type, no attaching namespace-only handlers + if ( !type ) { + continue; + } + + // If event changes its type, use the special event handlers for the changed type + special = jQuery.event.special[ type ] || {}; + + // If selector defined, determine special event api type, otherwise given type + type = ( selector ? special.delegateType : special.bindType ) || type; + + // Update special based on newly reset type + special = jQuery.event.special[ type ] || {}; + + // handleObj is passed to all event handlers + handleObj = jQuery.extend( { + type: type, + origType: origType, + data: data, + handler: handler, + guid: handler.guid, + selector: selector, + needsContext: selector && jQuery.expr.match.needsContext.test( selector ), + namespace: namespaces.join( "." ) + }, handleObjIn ); + + // Init the event handler queue if we're the first + if ( !( handlers = events[ type ] ) ) { + handlers = events[ type ] = []; + handlers.delegateCount = 0; + + // Only use addEventListener if the special events handler returns false + if ( !special.setup || + special.setup.call( elem, data, namespaces, eventHandle ) === false ) { + + if ( elem.addEventListener ) { + elem.addEventListener( type, eventHandle ); + } + } + } + + if ( special.add ) { + special.add.call( elem, handleObj ); + + if ( !handleObj.handler.guid ) { + handleObj.handler.guid = handler.guid; + } + } + + // Add to the element's handler list, delegates in front + if ( selector ) { + handlers.splice( handlers.delegateCount++, 0, handleObj ); + } else { + handlers.push( handleObj ); + } + + // Keep track of which events have ever been used, for event optimization + jQuery.event.global[ type ] = true; + } + + }, + + // Detach an event or set of events from an element + remove: function( elem, types, handler, selector, mappedTypes ) { + + var j, origCount, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.hasData( elem ) && dataPriv.get( elem ); + + if ( !elemData || !( events = elemData.events ) ) { + return; + } + + // Once for each type.namespace in types; type may be omitted + types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // Unbind all events (on this namespace, if provided) for the element + if ( !type ) { + for ( type in events ) { + jQuery.event.remove( elem, type + types[ t ], handler, selector, true ); + } + continue; + } + + special = jQuery.event.special[ type ] || {}; + type = ( selector ? special.delegateType : special.bindType ) || type; + handlers = events[ type ] || []; + tmp = tmp[ 2 ] && + new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ); + + // Remove matching events + origCount = j = handlers.length; + while ( j-- ) { + handleObj = handlers[ j ]; + + if ( ( mappedTypes || origType === handleObj.origType ) && + ( !handler || handler.guid === handleObj.guid ) && + ( !tmp || tmp.test( handleObj.namespace ) ) && + ( !selector || selector === handleObj.selector || + selector === "**" && handleObj.selector ) ) { + handlers.splice( j, 1 ); + + if ( handleObj.selector ) { + handlers.delegateCount--; + } + if ( special.remove ) { + special.remove.call( elem, handleObj ); + } + } + } + + // Remove generic event handler if we removed something and no more handlers exist + // (avoids potential for endless recursion during removal of special event handlers) + if ( origCount && !handlers.length ) { + if ( !special.teardown || + special.teardown.call( elem, namespaces, elemData.handle ) === false ) { + + jQuery.removeEvent( elem, type, elemData.handle ); + } + + delete events[ type ]; + } + } + + // Remove data and the expando if it's no longer used + if ( jQuery.isEmptyObject( events ) ) { + dataPriv.remove( elem, "handle events" ); + } + }, + + dispatch: function( nativeEvent ) { + + var i, j, ret, matched, handleObj, handlerQueue, + args = new Array( arguments.length ), + + // Make a writable jQuery.Event from the native event object + event = jQuery.event.fix( nativeEvent ), + + handlers = ( + dataPriv.get( this, "events" ) || Object.create( null ) + )[ event.type ] || [], + special = jQuery.event.special[ event.type ] || {}; + + // Use the fix-ed jQuery.Event rather than the (read-only) native event + args[ 0 ] = event; + + for ( i = 1; i < arguments.length; i++ ) { + args[ i ] = arguments[ i ]; + } + + event.delegateTarget = this; + + // Call the preDispatch hook for the mapped type, and let it bail if desired + if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) { + return; + } + + // Determine handlers + handlerQueue = jQuery.event.handlers.call( this, event, handlers ); + + // Run delegates first; they may want to stop propagation beneath us + i = 0; + while ( ( matched = handlerQueue[ i++ ] ) && !event.isPropagationStopped() ) { + event.currentTarget = matched.elem; + + j = 0; + while ( ( handleObj = matched.handlers[ j++ ] ) && + !event.isImmediatePropagationStopped() ) { + + // If the event is namespaced, then each handler is only invoked if it is + // specially universal or its namespaces are a superset of the event's. + if ( !event.rnamespace || handleObj.namespace === false || + event.rnamespace.test( handleObj.namespace ) ) { + + event.handleObj = handleObj; + event.data = handleObj.data; + + ret = ( ( jQuery.event.special[ handleObj.origType ] || {} ).handle || + handleObj.handler ).apply( matched.elem, args ); + + if ( ret !== undefined ) { + if ( ( event.result = ret ) === false ) { + event.preventDefault(); + event.stopPropagation(); + } + } + } + } + } + + // Call the postDispatch hook for the mapped type + if ( special.postDispatch ) { + special.postDispatch.call( this, event ); + } + + return event.result; + }, + + handlers: function( event, handlers ) { + var i, handleObj, sel, matchedHandlers, matchedSelectors, + handlerQueue = [], + delegateCount = handlers.delegateCount, + cur = event.target; + + // Find delegate handlers + if ( delegateCount && + + // Support: IE <=9 + // Black-hole SVG instance trees (trac-13180) + cur.nodeType && + + // Support: Firefox <=42 + // Suppress spec-violating clicks indicating a non-primary pointer button (trac-3861) + // https://www.w3.org/TR/DOM-Level-3-Events/#event-type-click + // Support: IE 11 only + // ...but not arrow key "clicks" of radio inputs, which can have `button` -1 (gh-2343) + !( event.type === "click" && event.button >= 1 ) ) { + + for ( ; cur !== this; cur = cur.parentNode || this ) { + + // Don't check non-elements (#13208) + // Don't process clicks on disabled elements (#6911, #8165, #11382, #11764) + if ( cur.nodeType === 1 && !( event.type === "click" && cur.disabled === true ) ) { + matchedHandlers = []; + matchedSelectors = {}; + for ( i = 0; i < delegateCount; i++ ) { + handleObj = handlers[ i ]; + + // Don't conflict with Object.prototype properties (#13203) + sel = handleObj.selector + " "; + + if ( matchedSelectors[ sel ] === undefined ) { + matchedSelectors[ sel ] = handleObj.needsContext ? + jQuery( sel, this ).index( cur ) > -1 : + jQuery.find( sel, this, null, [ cur ] ).length; + } + if ( matchedSelectors[ sel ] ) { + matchedHandlers.push( handleObj ); + } + } + if ( matchedHandlers.length ) { + handlerQueue.push( { elem: cur, handlers: matchedHandlers } ); + } + } + } + } + + // Add the remaining (directly-bound) handlers + cur = this; + if ( delegateCount < handlers.length ) { + handlerQueue.push( { elem: cur, handlers: handlers.slice( delegateCount ) } ); + } + + return handlerQueue; + }, + + addProp: function( name, hook ) { + Object.defineProperty( jQuery.Event.prototype, name, { + enumerable: true, + configurable: true, + + get: isFunction( hook ) ? + function() { + if ( this.originalEvent ) { + return hook( this.originalEvent ); + } + } : + function() { + if ( this.originalEvent ) { + return this.originalEvent[ name ]; + } + }, + + set: function( value ) { + Object.defineProperty( this, name, { + enumerable: true, + configurable: true, + writable: true, + value: value + } ); + } + } ); + }, + + fix: function( originalEvent ) { + return originalEvent[ jQuery.expando ] ? + originalEvent : + new jQuery.Event( originalEvent ); + }, + + special: { + load: { + + // Prevent triggered image.load events from bubbling to window.load + noBubble: true + }, + click: { + + // Utilize native event to ensure correct state for checkable inputs + setup: function( data ) { + + // For mutual compressibility with _default, replace `this` access with a local var. + // `|| data` is dead code meant only to preserve the variable through minification. + var el = this || data; + + // Claim the first handler + if ( rcheckableType.test( el.type ) && + el.click && nodeName( el, "input" ) ) { + + // dataPriv.set( el, "click", ... ) + leverageNative( el, "click", returnTrue ); + } + + // Return false to allow normal processing in the caller + return false; + }, + trigger: function( data ) { + + // For mutual compressibility with _default, replace `this` access with a local var. + // `|| data` is dead code meant only to preserve the variable through minification. + var el = this || data; + + // Force setup before triggering a click + if ( rcheckableType.test( el.type ) && + el.click && nodeName( el, "input" ) ) { + + leverageNative( el, "click" ); + } + + // Return non-false to allow normal event-path propagation + return true; + }, + + // For cross-browser consistency, suppress native .click() on links + // Also prevent it if we're currently inside a leveraged native-event stack + _default: function( event ) { + var target = event.target; + return rcheckableType.test( target.type ) && + target.click && nodeName( target, "input" ) && + dataPriv.get( target, "click" ) || + nodeName( target, "a" ); + } + }, + + beforeunload: { + postDispatch: function( event ) { + + // Support: Firefox 20+ + // Firefox doesn't alert if the returnValue field is not set. + if ( event.result !== undefined && event.originalEvent ) { + event.originalEvent.returnValue = event.result; + } + } + } + } +}; + +// Ensure the presence of an event listener that handles manually-triggered +// synthetic events by interrupting progress until reinvoked in response to +// *native* events that it fires directly, ensuring that state changes have +// already occurred before other listeners are invoked. +function leverageNative( el, type, expectSync ) { + + // Missing expectSync indicates a trigger call, which must force setup through jQuery.event.add + if ( !expectSync ) { + if ( dataPriv.get( el, type ) === undefined ) { + jQuery.event.add( el, type, returnTrue ); + } + return; + } + + // Register the controller as a special universal handler for all event namespaces + dataPriv.set( el, type, false ); + jQuery.event.add( el, type, { + namespace: false, + handler: function( event ) { + var notAsync, result, + saved = dataPriv.get( this, type ); + + if ( ( event.isTrigger & 1 ) && this[ type ] ) { + + // Interrupt processing of the outer synthetic .trigger()ed event + // Saved data should be false in such cases, but might be a leftover capture object + // from an async native handler (gh-4350) + if ( !saved.length ) { + + // Store arguments for use when handling the inner native event + // There will always be at least one argument (an event object), so this array + // will not be confused with a leftover capture object. + saved = slice.call( arguments ); + dataPriv.set( this, type, saved ); + + // Trigger the native event and capture its result + // Support: IE <=9 - 11+ + // focus() and blur() are asynchronous + notAsync = expectSync( this, type ); + this[ type ](); + result = dataPriv.get( this, type ); + if ( saved !== result || notAsync ) { + dataPriv.set( this, type, false ); + } else { + result = {}; + } + if ( saved !== result ) { + + // Cancel the outer synthetic event + event.stopImmediatePropagation(); + event.preventDefault(); + return result.value; + } + + // If this is an inner synthetic event for an event with a bubbling surrogate + // (focus or blur), assume that the surrogate already propagated from triggering the + // native event and prevent that from happening again here. + // This technically gets the ordering wrong w.r.t. to `.trigger()` (in which the + // bubbling surrogate propagates *after* the non-bubbling base), but that seems + // less bad than duplication. + } else if ( ( jQuery.event.special[ type ] || {} ).delegateType ) { + event.stopPropagation(); + } + + // If this is a native event triggered above, everything is now in order + // Fire an inner synthetic event with the original arguments + } else if ( saved.length ) { + + // ...and capture the result + dataPriv.set( this, type, { + value: jQuery.event.trigger( + + // Support: IE <=9 - 11+ + // Extend with the prototype to reset the above stopImmediatePropagation() + jQuery.extend( saved[ 0 ], jQuery.Event.prototype ), + saved.slice( 1 ), + this + ) + } ); + + // Abort handling of the native event + event.stopImmediatePropagation(); + } + } + } ); +} + +jQuery.removeEvent = function( elem, type, handle ) { + + // This "if" is needed for plain objects + if ( elem.removeEventListener ) { + elem.removeEventListener( type, handle ); + } +}; + +jQuery.Event = function( src, props ) { + + // Allow instantiation without the 'new' keyword + if ( !( this instanceof jQuery.Event ) ) { + return new jQuery.Event( src, props ); + } + + // Event object + if ( src && src.type ) { + this.originalEvent = src; + this.type = src.type; + + // Events bubbling up the document may have been marked as prevented + // by a handler lower down the tree; reflect the correct value. + this.isDefaultPrevented = src.defaultPrevented || + src.defaultPrevented === undefined && + + // Support: Android <=2.3 only + src.returnValue === false ? + returnTrue : + returnFalse; + + // Create target properties + // Support: Safari <=6 - 7 only + // Target should not be a text node (#504, #13143) + this.target = ( src.target && src.target.nodeType === 3 ) ? + src.target.parentNode : + src.target; + + this.currentTarget = src.currentTarget; + this.relatedTarget = src.relatedTarget; + + // Event type + } else { + this.type = src; + } + + // Put explicitly provided properties onto the event object + if ( props ) { + jQuery.extend( this, props ); + } + + // Create a timestamp if incoming event doesn't have one + this.timeStamp = src && src.timeStamp || Date.now(); + + // Mark it as fixed + this[ jQuery.expando ] = true; +}; + +// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding +// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html +jQuery.Event.prototype = { + constructor: jQuery.Event, + isDefaultPrevented: returnFalse, + isPropagationStopped: returnFalse, + isImmediatePropagationStopped: returnFalse, + isSimulated: false, + + preventDefault: function() { + var e = this.originalEvent; + + this.isDefaultPrevented = returnTrue; + + if ( e && !this.isSimulated ) { + e.preventDefault(); + } + }, + stopPropagation: function() { + var e = this.originalEvent; + + this.isPropagationStopped = returnTrue; + + if ( e && !this.isSimulated ) { + e.stopPropagation(); + } + }, + stopImmediatePropagation: function() { + var e = this.originalEvent; + + this.isImmediatePropagationStopped = returnTrue; + + if ( e && !this.isSimulated ) { + e.stopImmediatePropagation(); + } + + this.stopPropagation(); + } +}; + +// Includes all common event props including KeyEvent and MouseEvent specific props +jQuery.each( { + altKey: true, + bubbles: true, + cancelable: true, + changedTouches: true, + ctrlKey: true, + detail: true, + eventPhase: true, + metaKey: true, + pageX: true, + pageY: true, + shiftKey: true, + view: true, + "char": true, + code: true, + charCode: true, + key: true, + keyCode: true, + button: true, + buttons: true, + clientX: true, + clientY: true, + offsetX: true, + offsetY: true, + pointerId: true, + pointerType: true, + screenX: true, + screenY: true, + targetTouches: true, + toElement: true, + touches: true, + + which: function( event ) { + var button = event.button; + + // Add which for key events + if ( event.which == null && rkeyEvent.test( event.type ) ) { + return event.charCode != null ? event.charCode : event.keyCode; + } + + // Add which for click: 1 === left; 2 === middle; 3 === right + if ( !event.which && button !== undefined && rmouseEvent.test( event.type ) ) { + if ( button & 1 ) { + return 1; + } + + if ( button & 2 ) { + return 3; + } + + if ( button & 4 ) { + return 2; + } + + return 0; + } + + return event.which; + } +}, jQuery.event.addProp ); + +jQuery.each( { focus: "focusin", blur: "focusout" }, function( type, delegateType ) { + jQuery.event.special[ type ] = { + + // Utilize native event if possible so blur/focus sequence is correct + setup: function() { + + // Claim the first handler + // dataPriv.set( this, "focus", ... ) + // dataPriv.set( this, "blur", ... ) + leverageNative( this, type, expectSync ); + + // Return false to allow normal processing in the caller + return false; + }, + trigger: function() { + + // Force setup before trigger + leverageNative( this, type ); + + // Return non-false to allow normal event-path propagation + return true; + }, + + delegateType: delegateType + }; +} ); + +// Create mouseenter/leave events using mouseover/out and event-time checks +// so that event delegation works in jQuery. +// Do the same for pointerenter/pointerleave and pointerover/pointerout +// +// Support: Safari 7 only +// Safari sends mouseenter too often; see: +// https://bugs.chromium.org/p/chromium/issues/detail?id=470258 +// for the description of the bug (it existed in older Chrome versions as well). +jQuery.each( { + mouseenter: "mouseover", + mouseleave: "mouseout", + pointerenter: "pointerover", + pointerleave: "pointerout" +}, function( orig, fix ) { + jQuery.event.special[ orig ] = { + delegateType: fix, + bindType: fix, + + handle: function( event ) { + var ret, + target = this, + related = event.relatedTarget, + handleObj = event.handleObj; + + // For mouseenter/leave call the handler if related is outside the target. + // NB: No relatedTarget if the mouse left/entered the browser window + if ( !related || ( related !== target && !jQuery.contains( target, related ) ) ) { + event.type = handleObj.origType; + ret = handleObj.handler.apply( this, arguments ); + event.type = fix; + } + return ret; + } + }; +} ); + +jQuery.fn.extend( { + + on: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn ); + }, + one: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn, 1 ); + }, + off: function( types, selector, fn ) { + var handleObj, type; + if ( types && types.preventDefault && types.handleObj ) { + + // ( event ) dispatched jQuery.Event + handleObj = types.handleObj; + jQuery( types.delegateTarget ).off( + handleObj.namespace ? + handleObj.origType + "." + handleObj.namespace : + handleObj.origType, + handleObj.selector, + handleObj.handler + ); + return this; + } + if ( typeof types === "object" ) { + + // ( types-object [, selector] ) + for ( type in types ) { + this.off( type, selector, types[ type ] ); + } + return this; + } + if ( selector === false || typeof selector === "function" ) { + + // ( types [, fn] ) + fn = selector; + selector = undefined; + } + if ( fn === false ) { + fn = returnFalse; + } + return this.each( function() { + jQuery.event.remove( this, types, fn, selector ); + } ); + } +} ); + + +var + + // Support: IE <=10 - 11, Edge 12 - 13 only + // In IE/Edge using regex groups here causes severe slowdowns. + // See https://connect.microsoft.com/IE/feedback/details/1736512/ + rnoInnerhtml = /\s*$/g; + +// Prefer a tbody over its parent table for containing new rows +function manipulationTarget( elem, content ) { + if ( nodeName( elem, "table" ) && + nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ) { + + return jQuery( elem ).children( "tbody" )[ 0 ] || elem; + } + + return elem; +} + +// Replace/restore the type attribute of script elements for safe DOM manipulation +function disableScript( elem ) { + elem.type = ( elem.getAttribute( "type" ) !== null ) + "/" + elem.type; + return elem; +} +function restoreScript( elem ) { + if ( ( elem.type || "" ).slice( 0, 5 ) === "true/" ) { + elem.type = elem.type.slice( 5 ); + } else { + elem.removeAttribute( "type" ); + } + + return elem; +} + +function cloneCopyEvent( src, dest ) { + var i, l, type, pdataOld, udataOld, udataCur, events; + + if ( dest.nodeType !== 1 ) { + return; + } + + // 1. Copy private data: events, handlers, etc. + if ( dataPriv.hasData( src ) ) { + pdataOld = dataPriv.get( src ); + events = pdataOld.events; + + if ( events ) { + dataPriv.remove( dest, "handle events" ); + + for ( type in events ) { + for ( i = 0, l = events[ type ].length; i < l; i++ ) { + jQuery.event.add( dest, type, events[ type ][ i ] ); + } + } + } + } + + // 2. Copy user data + if ( dataUser.hasData( src ) ) { + udataOld = dataUser.access( src ); + udataCur = jQuery.extend( {}, udataOld ); + + dataUser.set( dest, udataCur ); + } +} + +// Fix IE bugs, see support tests +function fixInput( src, dest ) { + var nodeName = dest.nodeName.toLowerCase(); + + // Fails to persist the checked state of a cloned checkbox or radio button. + if ( nodeName === "input" && rcheckableType.test( src.type ) ) { + dest.checked = src.checked; + + // Fails to return the selected option to the default selected state when cloning options + } else if ( nodeName === "input" || nodeName === "textarea" ) { + dest.defaultValue = src.defaultValue; + } +} + +function domManip( collection, args, callback, ignored ) { + + // Flatten any nested arrays + args = flat( args ); + + var fragment, first, scripts, hasScripts, node, doc, + i = 0, + l = collection.length, + iNoClone = l - 1, + value = args[ 0 ], + valueIsFunction = isFunction( value ); + + // We can't cloneNode fragments that contain checked, in WebKit + if ( valueIsFunction || + ( l > 1 && typeof value === "string" && + !support.checkClone && rchecked.test( value ) ) ) { + return collection.each( function( index ) { + var self = collection.eq( index ); + if ( valueIsFunction ) { + args[ 0 ] = value.call( this, index, self.html() ); + } + domManip( self, args, callback, ignored ); + } ); + } + + if ( l ) { + fragment = buildFragment( args, collection[ 0 ].ownerDocument, false, collection, ignored ); + first = fragment.firstChild; + + if ( fragment.childNodes.length === 1 ) { + fragment = first; + } + + // Require either new content or an interest in ignored elements to invoke the callback + if ( first || ignored ) { + scripts = jQuery.map( getAll( fragment, "script" ), disableScript ); + hasScripts = scripts.length; + + // Use the original fragment for the last item + // instead of the first because it can end up + // being emptied incorrectly in certain situations (#8070). + for ( ; i < l; i++ ) { + node = fragment; + + if ( i !== iNoClone ) { + node = jQuery.clone( node, true, true ); + + // Keep references to cloned scripts for later restoration + if ( hasScripts ) { + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( scripts, getAll( node, "script" ) ); + } + } + + callback.call( collection[ i ], node, i ); + } + + if ( hasScripts ) { + doc = scripts[ scripts.length - 1 ].ownerDocument; + + // Reenable scripts + jQuery.map( scripts, restoreScript ); + + // Evaluate executable scripts on first document insertion + for ( i = 0; i < hasScripts; i++ ) { + node = scripts[ i ]; + if ( rscriptType.test( node.type || "" ) && + !dataPriv.access( node, "globalEval" ) && + jQuery.contains( doc, node ) ) { + + if ( node.src && ( node.type || "" ).toLowerCase() !== "module" ) { + + // Optional AJAX dependency, but won't run scripts if not present + if ( jQuery._evalUrl && !node.noModule ) { + jQuery._evalUrl( node.src, { + nonce: node.nonce || node.getAttribute( "nonce" ) + }, doc ); + } + } else { + DOMEval( node.textContent.replace( rcleanScript, "" ), node, doc ); + } + } + } + } + } + } + + return collection; +} + +function remove( elem, selector, keepData ) { + var node, + nodes = selector ? jQuery.filter( selector, elem ) : elem, + i = 0; + + for ( ; ( node = nodes[ i ] ) != null; i++ ) { + if ( !keepData && node.nodeType === 1 ) { + jQuery.cleanData( getAll( node ) ); + } + + if ( node.parentNode ) { + if ( keepData && isAttached( node ) ) { + setGlobalEval( getAll( node, "script" ) ); + } + node.parentNode.removeChild( node ); + } + } + + return elem; +} + +jQuery.extend( { + htmlPrefilter: function( html ) { + return html; + }, + + clone: function( elem, dataAndEvents, deepDataAndEvents ) { + var i, l, srcElements, destElements, + clone = elem.cloneNode( true ), + inPage = isAttached( elem ); + + // Fix IE cloning issues + if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) && + !jQuery.isXMLDoc( elem ) ) { + + // We eschew Sizzle here for performance reasons: https://jsperf.com/getall-vs-sizzle/2 + destElements = getAll( clone ); + srcElements = getAll( elem ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + fixInput( srcElements[ i ], destElements[ i ] ); + } + } + + // Copy the events from the original to the clone + if ( dataAndEvents ) { + if ( deepDataAndEvents ) { + srcElements = srcElements || getAll( elem ); + destElements = destElements || getAll( clone ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + cloneCopyEvent( srcElements[ i ], destElements[ i ] ); + } + } else { + cloneCopyEvent( elem, clone ); + } + } + + // Preserve script evaluation history + destElements = getAll( clone, "script" ); + if ( destElements.length > 0 ) { + setGlobalEval( destElements, !inPage && getAll( elem, "script" ) ); + } + + // Return the cloned set + return clone; + }, + + cleanData: function( elems ) { + var data, elem, type, + special = jQuery.event.special, + i = 0; + + for ( ; ( elem = elems[ i ] ) !== undefined; i++ ) { + if ( acceptData( elem ) ) { + if ( ( data = elem[ dataPriv.expando ] ) ) { + if ( data.events ) { + for ( type in data.events ) { + if ( special[ type ] ) { + jQuery.event.remove( elem, type ); + + // This is a shortcut to avoid jQuery.event.remove's overhead + } else { + jQuery.removeEvent( elem, type, data.handle ); + } + } + } + + // Support: Chrome <=35 - 45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataPriv.expando ] = undefined; + } + if ( elem[ dataUser.expando ] ) { + + // Support: Chrome <=35 - 45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataUser.expando ] = undefined; + } + } + } + } +} ); + +jQuery.fn.extend( { + detach: function( selector ) { + return remove( this, selector, true ); + }, + + remove: function( selector ) { + return remove( this, selector ); + }, + + text: function( value ) { + return access( this, function( value ) { + return value === undefined ? + jQuery.text( this ) : + this.empty().each( function() { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + this.textContent = value; + } + } ); + }, null, value, arguments.length ); + }, + + append: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.appendChild( elem ); + } + } ); + }, + + prepend: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.insertBefore( elem, target.firstChild ); + } + } ); + }, + + before: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this ); + } + } ); + }, + + after: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this.nextSibling ); + } + } ); + }, + + empty: function() { + var elem, + i = 0; + + for ( ; ( elem = this[ i ] ) != null; i++ ) { + if ( elem.nodeType === 1 ) { + + // Prevent memory leaks + jQuery.cleanData( getAll( elem, false ) ); + + // Remove any remaining nodes + elem.textContent = ""; + } + } + + return this; + }, + + clone: function( dataAndEvents, deepDataAndEvents ) { + dataAndEvents = dataAndEvents == null ? false : dataAndEvents; + deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents; + + return this.map( function() { + return jQuery.clone( this, dataAndEvents, deepDataAndEvents ); + } ); + }, + + html: function( value ) { + return access( this, function( value ) { + var elem = this[ 0 ] || {}, + i = 0, + l = this.length; + + if ( value === undefined && elem.nodeType === 1 ) { + return elem.innerHTML; + } + + // See if we can take a shortcut and just use innerHTML + if ( typeof value === "string" && !rnoInnerhtml.test( value ) && + !wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) { + + value = jQuery.htmlPrefilter( value ); + + try { + for ( ; i < l; i++ ) { + elem = this[ i ] || {}; + + // Remove element nodes and prevent memory leaks + if ( elem.nodeType === 1 ) { + jQuery.cleanData( getAll( elem, false ) ); + elem.innerHTML = value; + } + } + + elem = 0; + + // If using innerHTML throws an exception, use the fallback method + } catch ( e ) {} + } + + if ( elem ) { + this.empty().append( value ); + } + }, null, value, arguments.length ); + }, + + replaceWith: function() { + var ignored = []; + + // Make the changes, replacing each non-ignored context element with the new content + return domManip( this, arguments, function( elem ) { + var parent = this.parentNode; + + if ( jQuery.inArray( this, ignored ) < 0 ) { + jQuery.cleanData( getAll( this ) ); + if ( parent ) { + parent.replaceChild( elem, this ); + } + } + + // Force callback invocation + }, ignored ); + } +} ); + +jQuery.each( { + appendTo: "append", + prependTo: "prepend", + insertBefore: "before", + insertAfter: "after", + replaceAll: "replaceWith" +}, function( name, original ) { + jQuery.fn[ name ] = function( selector ) { + var elems, + ret = [], + insert = jQuery( selector ), + last = insert.length - 1, + i = 0; + + for ( ; i <= last; i++ ) { + elems = i === last ? this : this.clone( true ); + jQuery( insert[ i ] )[ original ]( elems ); + + // Support: Android <=4.0 only, PhantomJS 1 only + // .get() because push.apply(_, arraylike) throws on ancient WebKit + push.apply( ret, elems.get() ); + } + + return this.pushStack( ret ); + }; +} ); +var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" ); + +var getStyles = function( elem ) { + + // Support: IE <=11 only, Firefox <=30 (#15098, #14150) + // IE throws on elements created in popups + // FF meanwhile throws on frame elements through "defaultView.getComputedStyle" + var view = elem.ownerDocument.defaultView; + + if ( !view || !view.opener ) { + view = window; + } + + return view.getComputedStyle( elem ); + }; + +var swap = function( elem, options, callback ) { + var ret, name, + old = {}; + + // Remember the old values, and insert the new ones + for ( name in options ) { + old[ name ] = elem.style[ name ]; + elem.style[ name ] = options[ name ]; + } + + ret = callback.call( elem ); + + // Revert the old values + for ( name in options ) { + elem.style[ name ] = old[ name ]; + } + + return ret; +}; + + +var rboxStyle = new RegExp( cssExpand.join( "|" ), "i" ); + + + +( function() { + + // Executing both pixelPosition & boxSizingReliable tests require only one layout + // so they're executed at the same time to save the second computation. + function computeStyleTests() { + + // This is a singleton, we need to execute it only once + if ( !div ) { + return; + } + + container.style.cssText = "position:absolute;left:-11111px;width:60px;" + + "margin-top:1px;padding:0;border:0"; + div.style.cssText = + "position:relative;display:block;box-sizing:border-box;overflow:scroll;" + + "margin:auto;border:1px;padding:1px;" + + "width:60%;top:1%"; + documentElement.appendChild( container ).appendChild( div ); + + var divStyle = window.getComputedStyle( div ); + pixelPositionVal = divStyle.top !== "1%"; + + // Support: Android 4.0 - 4.3 only, Firefox <=3 - 44 + reliableMarginLeftVal = roundPixelMeasures( divStyle.marginLeft ) === 12; + + // Support: Android 4.0 - 4.3 only, Safari <=9.1 - 10.1, iOS <=7.0 - 9.3 + // Some styles come back with percentage values, even though they shouldn't + div.style.right = "60%"; + pixelBoxStylesVal = roundPixelMeasures( divStyle.right ) === 36; + + // Support: IE 9 - 11 only + // Detect misreporting of content dimensions for box-sizing:border-box elements + boxSizingReliableVal = roundPixelMeasures( divStyle.width ) === 36; + + // Support: IE 9 only + // Detect overflow:scroll screwiness (gh-3699) + // Support: Chrome <=64 + // Don't get tricked when zoom affects offsetWidth (gh-4029) + div.style.position = "absolute"; + scrollboxSizeVal = roundPixelMeasures( div.offsetWidth / 3 ) === 12; + + documentElement.removeChild( container ); + + // Nullify the div so it wouldn't be stored in the memory and + // it will also be a sign that checks already performed + div = null; + } + + function roundPixelMeasures( measure ) { + return Math.round( parseFloat( measure ) ); + } + + var pixelPositionVal, boxSizingReliableVal, scrollboxSizeVal, pixelBoxStylesVal, + reliableTrDimensionsVal, reliableMarginLeftVal, + container = document.createElement( "div" ), + div = document.createElement( "div" ); + + // Finish early in limited (non-browser) environments + if ( !div.style ) { + return; + } + + // Support: IE <=9 - 11 only + // Style of cloned element affects source element cloned (#8908) + div.style.backgroundClip = "content-box"; + div.cloneNode( true ).style.backgroundClip = ""; + support.clearCloneStyle = div.style.backgroundClip === "content-box"; + + jQuery.extend( support, { + boxSizingReliable: function() { + computeStyleTests(); + return boxSizingReliableVal; + }, + pixelBoxStyles: function() { + computeStyleTests(); + return pixelBoxStylesVal; + }, + pixelPosition: function() { + computeStyleTests(); + return pixelPositionVal; + }, + reliableMarginLeft: function() { + computeStyleTests(); + return reliableMarginLeftVal; + }, + scrollboxSize: function() { + computeStyleTests(); + return scrollboxSizeVal; + }, + + // Support: IE 9 - 11+, Edge 15 - 18+ + // IE/Edge misreport `getComputedStyle` of table rows with width/height + // set in CSS while `offset*` properties report correct values. + // Behavior in IE 9 is more subtle than in newer versions & it passes + // some versions of this test; make sure not to make it pass there! + reliableTrDimensions: function() { + var table, tr, trChild, trStyle; + if ( reliableTrDimensionsVal == null ) { + table = document.createElement( "table" ); + tr = document.createElement( "tr" ); + trChild = document.createElement( "div" ); + + table.style.cssText = "position:absolute;left:-11111px"; + tr.style.height = "1px"; + trChild.style.height = "9px"; + + documentElement + .appendChild( table ) + .appendChild( tr ) + .appendChild( trChild ); + + trStyle = window.getComputedStyle( tr ); + reliableTrDimensionsVal = parseInt( trStyle.height ) > 3; + + documentElement.removeChild( table ); + } + return reliableTrDimensionsVal; + } + } ); +} )(); + + +function curCSS( elem, name, computed ) { + var width, minWidth, maxWidth, ret, + + // Support: Firefox 51+ + // Retrieving style before computed somehow + // fixes an issue with getting wrong values + // on detached elements + style = elem.style; + + computed = computed || getStyles( elem ); + + // getPropertyValue is needed for: + // .css('filter') (IE 9 only, #12537) + // .css('--customProperty) (#3144) + if ( computed ) { + ret = computed.getPropertyValue( name ) || computed[ name ]; + + if ( ret === "" && !isAttached( elem ) ) { + ret = jQuery.style( elem, name ); + } + + // A tribute to the "awesome hack by Dean Edwards" + // Android Browser returns percentage for some values, + // but width seems to be reliably pixels. + // This is against the CSSOM draft spec: + // https://drafts.csswg.org/cssom/#resolved-values + if ( !support.pixelBoxStyles() && rnumnonpx.test( ret ) && rboxStyle.test( name ) ) { + + // Remember the original values + width = style.width; + minWidth = style.minWidth; + maxWidth = style.maxWidth; + + // Put in the new values to get a computed value out + style.minWidth = style.maxWidth = style.width = ret; + ret = computed.width; + + // Revert the changed values + style.width = width; + style.minWidth = minWidth; + style.maxWidth = maxWidth; + } + } + + return ret !== undefined ? + + // Support: IE <=9 - 11 only + // IE returns zIndex value as an integer. + ret + "" : + ret; +} + + +function addGetHookIf( conditionFn, hookFn ) { + + // Define the hook, we'll check on the first run if it's really needed. + return { + get: function() { + if ( conditionFn() ) { + + // Hook not needed (or it's not possible to use it due + // to missing dependency), remove it. + delete this.get; + return; + } + + // Hook needed; redefine it so that the support test is not executed again. + return ( this.get = hookFn ).apply( this, arguments ); + } + }; +} + + +var cssPrefixes = [ "Webkit", "Moz", "ms" ], + emptyStyle = document.createElement( "div" ).style, + vendorProps = {}; + +// Return a vendor-prefixed property or undefined +function vendorPropName( name ) { + + // Check for vendor prefixed names + var capName = name[ 0 ].toUpperCase() + name.slice( 1 ), + i = cssPrefixes.length; + + while ( i-- ) { + name = cssPrefixes[ i ] + capName; + if ( name in emptyStyle ) { + return name; + } + } +} + +// Return a potentially-mapped jQuery.cssProps or vendor prefixed property +function finalPropName( name ) { + var final = jQuery.cssProps[ name ] || vendorProps[ name ]; + + if ( final ) { + return final; + } + if ( name in emptyStyle ) { + return name; + } + return vendorProps[ name ] = vendorPropName( name ) || name; +} + + +var + + // Swappable if display is none or starts with table + // except "table", "table-cell", or "table-caption" + // See here for display values: https://developer.mozilla.org/en-US/docs/CSS/display + rdisplayswap = /^(none|table(?!-c[ea]).+)/, + rcustomProp = /^--/, + cssShow = { position: "absolute", visibility: "hidden", display: "block" }, + cssNormalTransform = { + letterSpacing: "0", + fontWeight: "400" + }; + +function setPositiveNumber( _elem, value, subtract ) { + + // Any relative (+/-) values have already been + // normalized at this point + var matches = rcssNum.exec( value ); + return matches ? + + // Guard against undefined "subtract", e.g., when used as in cssHooks + Math.max( 0, matches[ 2 ] - ( subtract || 0 ) ) + ( matches[ 3 ] || "px" ) : + value; +} + +function boxModelAdjustment( elem, dimension, box, isBorderBox, styles, computedVal ) { + var i = dimension === "width" ? 1 : 0, + extra = 0, + delta = 0; + + // Adjustment may not be necessary + if ( box === ( isBorderBox ? "border" : "content" ) ) { + return 0; + } + + for ( ; i < 4; i += 2 ) { + + // Both box models exclude margin + if ( box === "margin" ) { + delta += jQuery.css( elem, box + cssExpand[ i ], true, styles ); + } + + // If we get here with a content-box, we're seeking "padding" or "border" or "margin" + if ( !isBorderBox ) { + + // Add padding + delta += jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); + + // For "border" or "margin", add border + if ( box !== "padding" ) { + delta += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + + // But still keep track of it otherwise + } else { + extra += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + } + + // If we get here with a border-box (content + padding + border), we're seeking "content" or + // "padding" or "margin" + } else { + + // For "content", subtract padding + if ( box === "content" ) { + delta -= jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); + } + + // For "content" or "padding", subtract border + if ( box !== "margin" ) { + delta -= jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + } + } + } + + // Account for positive content-box scroll gutter when requested by providing computedVal + if ( !isBorderBox && computedVal >= 0 ) { + + // offsetWidth/offsetHeight is a rounded sum of content, padding, scroll gutter, and border + // Assuming integer scroll gutter, subtract the rest and round down + delta += Math.max( 0, Math.ceil( + elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - + computedVal - + delta - + extra - + 0.5 + + // If offsetWidth/offsetHeight is unknown, then we can't determine content-box scroll gutter + // Use an explicit zero to avoid NaN (gh-3964) + ) ) || 0; + } + + return delta; +} + +function getWidthOrHeight( elem, dimension, extra ) { + + // Start with computed style + var styles = getStyles( elem ), + + // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-4322). + // Fake content-box until we know it's needed to know the true value. + boxSizingNeeded = !support.boxSizingReliable() || extra, + isBorderBox = boxSizingNeeded && + jQuery.css( elem, "boxSizing", false, styles ) === "border-box", + valueIsBorderBox = isBorderBox, + + val = curCSS( elem, dimension, styles ), + offsetProp = "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ); + + // Support: Firefox <=54 + // Return a confounding non-pixel value or feign ignorance, as appropriate. + if ( rnumnonpx.test( val ) ) { + if ( !extra ) { + return val; + } + val = "auto"; + } + + + // Support: IE 9 - 11 only + // Use offsetWidth/offsetHeight for when box sizing is unreliable. + // In those cases, the computed value can be trusted to be border-box. + if ( ( !support.boxSizingReliable() && isBorderBox || + + // Support: IE 10 - 11+, Edge 15 - 18+ + // IE/Edge misreport `getComputedStyle` of table rows with width/height + // set in CSS while `offset*` properties report correct values. + // Interestingly, in some cases IE 9 doesn't suffer from this issue. + !support.reliableTrDimensions() && nodeName( elem, "tr" ) || + + // Fall back to offsetWidth/offsetHeight when value is "auto" + // This happens for inline elements with no explicit setting (gh-3571) + val === "auto" || + + // Support: Android <=4.1 - 4.3 only + // Also use offsetWidth/offsetHeight for misreported inline dimensions (gh-3602) + !parseFloat( val ) && jQuery.css( elem, "display", false, styles ) === "inline" ) && + + // Make sure the element is visible & connected + elem.getClientRects().length ) { + + isBorderBox = jQuery.css( elem, "boxSizing", false, styles ) === "border-box"; + + // Where available, offsetWidth/offsetHeight approximate border box dimensions. + // Where not available (e.g., SVG), assume unreliable box-sizing and interpret the + // retrieved value as a content box dimension. + valueIsBorderBox = offsetProp in elem; + if ( valueIsBorderBox ) { + val = elem[ offsetProp ]; + } + } + + // Normalize "" and auto + val = parseFloat( val ) || 0; + + // Adjust for the element's box model + return ( val + + boxModelAdjustment( + elem, + dimension, + extra || ( isBorderBox ? "border" : "content" ), + valueIsBorderBox, + styles, + + // Provide the current computed size to request scroll gutter calculation (gh-3589) + val + ) + ) + "px"; +} + +jQuery.extend( { + + // Add in style property hooks for overriding the default + // behavior of getting and setting a style property + cssHooks: { + opacity: { + get: function( elem, computed ) { + if ( computed ) { + + // We should always get a number back from opacity + var ret = curCSS( elem, "opacity" ); + return ret === "" ? "1" : ret; + } + } + } + }, + + // Don't automatically add "px" to these possibly-unitless properties + cssNumber: { + "animationIterationCount": true, + "columnCount": true, + "fillOpacity": true, + "flexGrow": true, + "flexShrink": true, + "fontWeight": true, + "gridArea": true, + "gridColumn": true, + "gridColumnEnd": true, + "gridColumnStart": true, + "gridRow": true, + "gridRowEnd": true, + "gridRowStart": true, + "lineHeight": true, + "opacity": true, + "order": true, + "orphans": true, + "widows": true, + "zIndex": true, + "zoom": true + }, + + // Add in properties whose names you wish to fix before + // setting or getting the value + cssProps: {}, + + // Get and set the style property on a DOM Node + style: function( elem, name, value, extra ) { + + // Don't set styles on text and comment nodes + if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) { + return; + } + + // Make sure that we're working with the right name + var ret, type, hooks, + origName = camelCase( name ), + isCustomProp = rcustomProp.test( name ), + style = elem.style; + + // Make sure that we're working with the right name. We don't + // want to query the value if it is a CSS custom property + // since they are user-defined. + if ( !isCustomProp ) { + name = finalPropName( origName ); + } + + // Gets hook for the prefixed version, then unprefixed version + hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; + + // Check if we're setting a value + if ( value !== undefined ) { + type = typeof value; + + // Convert "+=" or "-=" to relative numbers (#7345) + if ( type === "string" && ( ret = rcssNum.exec( value ) ) && ret[ 1 ] ) { + value = adjustCSS( elem, name, ret ); + + // Fixes bug #9237 + type = "number"; + } + + // Make sure that null and NaN values aren't set (#7116) + if ( value == null || value !== value ) { + return; + } + + // If a number was passed in, add the unit (except for certain CSS properties) + // The isCustomProp check can be removed in jQuery 4.0 when we only auto-append + // "px" to a few hardcoded values. + if ( type === "number" && !isCustomProp ) { + value += ret && ret[ 3 ] || ( jQuery.cssNumber[ origName ] ? "" : "px" ); + } + + // background-* props affect original clone's values + if ( !support.clearCloneStyle && value === "" && name.indexOf( "background" ) === 0 ) { + style[ name ] = "inherit"; + } + + // If a hook was provided, use that value, otherwise just set the specified value + if ( !hooks || !( "set" in hooks ) || + ( value = hooks.set( elem, value, extra ) ) !== undefined ) { + + if ( isCustomProp ) { + style.setProperty( name, value ); + } else { + style[ name ] = value; + } + } + + } else { + + // If a hook was provided get the non-computed value from there + if ( hooks && "get" in hooks && + ( ret = hooks.get( elem, false, extra ) ) !== undefined ) { + + return ret; + } + + // Otherwise just get the value from the style object + return style[ name ]; + } + }, + + css: function( elem, name, extra, styles ) { + var val, num, hooks, + origName = camelCase( name ), + isCustomProp = rcustomProp.test( name ); + + // Make sure that we're working with the right name. We don't + // want to modify the value if it is a CSS custom property + // since they are user-defined. + if ( !isCustomProp ) { + name = finalPropName( origName ); + } + + // Try prefixed name followed by the unprefixed name + hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; + + // If a hook was provided get the computed value from there + if ( hooks && "get" in hooks ) { + val = hooks.get( elem, true, extra ); + } + + // Otherwise, if a way to get the computed value exists, use that + if ( val === undefined ) { + val = curCSS( elem, name, styles ); + } + + // Convert "normal" to computed value + if ( val === "normal" && name in cssNormalTransform ) { + val = cssNormalTransform[ name ]; + } + + // Make numeric if forced or a qualifier was provided and val looks numeric + if ( extra === "" || extra ) { + num = parseFloat( val ); + return extra === true || isFinite( num ) ? num || 0 : val; + } + + return val; + } +} ); + +jQuery.each( [ "height", "width" ], function( _i, dimension ) { + jQuery.cssHooks[ dimension ] = { + get: function( elem, computed, extra ) { + if ( computed ) { + + // Certain elements can have dimension info if we invisibly show them + // but it must have a current display style that would benefit + return rdisplayswap.test( jQuery.css( elem, "display" ) ) && + + // Support: Safari 8+ + // Table columns in Safari have non-zero offsetWidth & zero + // getBoundingClientRect().width unless display is changed. + // Support: IE <=11 only + // Running getBoundingClientRect on a disconnected node + // in IE throws an error. + ( !elem.getClientRects().length || !elem.getBoundingClientRect().width ) ? + swap( elem, cssShow, function() { + return getWidthOrHeight( elem, dimension, extra ); + } ) : + getWidthOrHeight( elem, dimension, extra ); + } + }, + + set: function( elem, value, extra ) { + var matches, + styles = getStyles( elem ), + + // Only read styles.position if the test has a chance to fail + // to avoid forcing a reflow. + scrollboxSizeBuggy = !support.scrollboxSize() && + styles.position === "absolute", + + // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-3991) + boxSizingNeeded = scrollboxSizeBuggy || extra, + isBorderBox = boxSizingNeeded && + jQuery.css( elem, "boxSizing", false, styles ) === "border-box", + subtract = extra ? + boxModelAdjustment( + elem, + dimension, + extra, + isBorderBox, + styles + ) : + 0; + + // Account for unreliable border-box dimensions by comparing offset* to computed and + // faking a content-box to get border and padding (gh-3699) + if ( isBorderBox && scrollboxSizeBuggy ) { + subtract -= Math.ceil( + elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - + parseFloat( styles[ dimension ] ) - + boxModelAdjustment( elem, dimension, "border", false, styles ) - + 0.5 + ); + } + + // Convert to pixels if value adjustment is needed + if ( subtract && ( matches = rcssNum.exec( value ) ) && + ( matches[ 3 ] || "px" ) !== "px" ) { + + elem.style[ dimension ] = value; + value = jQuery.css( elem, dimension ); + } + + return setPositiveNumber( elem, value, subtract ); + } + }; +} ); + +jQuery.cssHooks.marginLeft = addGetHookIf( support.reliableMarginLeft, + function( elem, computed ) { + if ( computed ) { + return ( parseFloat( curCSS( elem, "marginLeft" ) ) || + elem.getBoundingClientRect().left - + swap( elem, { marginLeft: 0 }, function() { + return elem.getBoundingClientRect().left; + } ) + ) + "px"; + } + } +); + +// These hooks are used by animate to expand properties +jQuery.each( { + margin: "", + padding: "", + border: "Width" +}, function( prefix, suffix ) { + jQuery.cssHooks[ prefix + suffix ] = { + expand: function( value ) { + var i = 0, + expanded = {}, + + // Assumes a single number if not a string + parts = typeof value === "string" ? value.split( " " ) : [ value ]; + + for ( ; i < 4; i++ ) { + expanded[ prefix + cssExpand[ i ] + suffix ] = + parts[ i ] || parts[ i - 2 ] || parts[ 0 ]; + } + + return expanded; + } + }; + + if ( prefix !== "margin" ) { + jQuery.cssHooks[ prefix + suffix ].set = setPositiveNumber; + } +} ); + +jQuery.fn.extend( { + css: function( name, value ) { + return access( this, function( elem, name, value ) { + var styles, len, + map = {}, + i = 0; + + if ( Array.isArray( name ) ) { + styles = getStyles( elem ); + len = name.length; + + for ( ; i < len; i++ ) { + map[ name[ i ] ] = jQuery.css( elem, name[ i ], false, styles ); + } + + return map; + } + + return value !== undefined ? + jQuery.style( elem, name, value ) : + jQuery.css( elem, name ); + }, name, value, arguments.length > 1 ); + } +} ); + + +function Tween( elem, options, prop, end, easing ) { + return new Tween.prototype.init( elem, options, prop, end, easing ); +} +jQuery.Tween = Tween; + +Tween.prototype = { + constructor: Tween, + init: function( elem, options, prop, end, easing, unit ) { + this.elem = elem; + this.prop = prop; + this.easing = easing || jQuery.easing._default; + this.options = options; + this.start = this.now = this.cur(); + this.end = end; + this.unit = unit || ( jQuery.cssNumber[ prop ] ? "" : "px" ); + }, + cur: function() { + var hooks = Tween.propHooks[ this.prop ]; + + return hooks && hooks.get ? + hooks.get( this ) : + Tween.propHooks._default.get( this ); + }, + run: function( percent ) { + var eased, + hooks = Tween.propHooks[ this.prop ]; + + if ( this.options.duration ) { + this.pos = eased = jQuery.easing[ this.easing ]( + percent, this.options.duration * percent, 0, 1, this.options.duration + ); + } else { + this.pos = eased = percent; + } + this.now = ( this.end - this.start ) * eased + this.start; + + if ( this.options.step ) { + this.options.step.call( this.elem, this.now, this ); + } + + if ( hooks && hooks.set ) { + hooks.set( this ); + } else { + Tween.propHooks._default.set( this ); + } + return this; + } +}; + +Tween.prototype.init.prototype = Tween.prototype; + +Tween.propHooks = { + _default: { + get: function( tween ) { + var result; + + // Use a property on the element directly when it is not a DOM element, + // or when there is no matching style property that exists. + if ( tween.elem.nodeType !== 1 || + tween.elem[ tween.prop ] != null && tween.elem.style[ tween.prop ] == null ) { + return tween.elem[ tween.prop ]; + } + + // Passing an empty string as a 3rd parameter to .css will automatically + // attempt a parseFloat and fallback to a string if the parse fails. + // Simple values such as "10px" are parsed to Float; + // complex values such as "rotate(1rad)" are returned as-is. + result = jQuery.css( tween.elem, tween.prop, "" ); + + // Empty strings, null, undefined and "auto" are converted to 0. + return !result || result === "auto" ? 0 : result; + }, + set: function( tween ) { + + // Use step hook for back compat. + // Use cssHook if its there. + // Use .style if available and use plain properties where available. + if ( jQuery.fx.step[ tween.prop ] ) { + jQuery.fx.step[ tween.prop ]( tween ); + } else if ( tween.elem.nodeType === 1 && ( + jQuery.cssHooks[ tween.prop ] || + tween.elem.style[ finalPropName( tween.prop ) ] != null ) ) { + jQuery.style( tween.elem, tween.prop, tween.now + tween.unit ); + } else { + tween.elem[ tween.prop ] = tween.now; + } + } + } +}; + +// Support: IE <=9 only +// Panic based approach to setting things on disconnected nodes +Tween.propHooks.scrollTop = Tween.propHooks.scrollLeft = { + set: function( tween ) { + if ( tween.elem.nodeType && tween.elem.parentNode ) { + tween.elem[ tween.prop ] = tween.now; + } + } +}; + +jQuery.easing = { + linear: function( p ) { + return p; + }, + swing: function( p ) { + return 0.5 - Math.cos( p * Math.PI ) / 2; + }, + _default: "swing" +}; + +jQuery.fx = Tween.prototype.init; + +// Back compat <1.8 extension point +jQuery.fx.step = {}; + + + + +var + fxNow, inProgress, + rfxtypes = /^(?:toggle|show|hide)$/, + rrun = /queueHooks$/; + +function schedule() { + if ( inProgress ) { + if ( document.hidden === false && window.requestAnimationFrame ) { + window.requestAnimationFrame( schedule ); + } else { + window.setTimeout( schedule, jQuery.fx.interval ); + } + + jQuery.fx.tick(); + } +} + +// Animations created synchronously will run synchronously +function createFxNow() { + window.setTimeout( function() { + fxNow = undefined; + } ); + return ( fxNow = Date.now() ); +} + +// Generate parameters to create a standard animation +function genFx( type, includeWidth ) { + var which, + i = 0, + attrs = { height: type }; + + // If we include width, step value is 1 to do all cssExpand values, + // otherwise step value is 2 to skip over Left and Right + includeWidth = includeWidth ? 1 : 0; + for ( ; i < 4; i += 2 - includeWidth ) { + which = cssExpand[ i ]; + attrs[ "margin" + which ] = attrs[ "padding" + which ] = type; + } + + if ( includeWidth ) { + attrs.opacity = attrs.width = type; + } + + return attrs; +} + +function createTween( value, prop, animation ) { + var tween, + collection = ( Animation.tweeners[ prop ] || [] ).concat( Animation.tweeners[ "*" ] ), + index = 0, + length = collection.length; + for ( ; index < length; index++ ) { + if ( ( tween = collection[ index ].call( animation, prop, value ) ) ) { + + // We're done with this property + return tween; + } + } +} + +function defaultPrefilter( elem, props, opts ) { + var prop, value, toggle, hooks, oldfire, propTween, restoreDisplay, display, + isBox = "width" in props || "height" in props, + anim = this, + orig = {}, + style = elem.style, + hidden = elem.nodeType && isHiddenWithinTree( elem ), + dataShow = dataPriv.get( elem, "fxshow" ); + + // Queue-skipping animations hijack the fx hooks + if ( !opts.queue ) { + hooks = jQuery._queueHooks( elem, "fx" ); + if ( hooks.unqueued == null ) { + hooks.unqueued = 0; + oldfire = hooks.empty.fire; + hooks.empty.fire = function() { + if ( !hooks.unqueued ) { + oldfire(); + } + }; + } + hooks.unqueued++; + + anim.always( function() { + + // Ensure the complete handler is called before this completes + anim.always( function() { + hooks.unqueued--; + if ( !jQuery.queue( elem, "fx" ).length ) { + hooks.empty.fire(); + } + } ); + } ); + } + + // Detect show/hide animations + for ( prop in props ) { + value = props[ prop ]; + if ( rfxtypes.test( value ) ) { + delete props[ prop ]; + toggle = toggle || value === "toggle"; + if ( value === ( hidden ? "hide" : "show" ) ) { + + // Pretend to be hidden if this is a "show" and + // there is still data from a stopped show/hide + if ( value === "show" && dataShow && dataShow[ prop ] !== undefined ) { + hidden = true; + + // Ignore all other no-op show/hide data + } else { + continue; + } + } + orig[ prop ] = dataShow && dataShow[ prop ] || jQuery.style( elem, prop ); + } + } + + // Bail out if this is a no-op like .hide().hide() + propTween = !jQuery.isEmptyObject( props ); + if ( !propTween && jQuery.isEmptyObject( orig ) ) { + return; + } + + // Restrict "overflow" and "display" styles during box animations + if ( isBox && elem.nodeType === 1 ) { + + // Support: IE <=9 - 11, Edge 12 - 15 + // Record all 3 overflow attributes because IE does not infer the shorthand + // from identically-valued overflowX and overflowY and Edge just mirrors + // the overflowX value there. + opts.overflow = [ style.overflow, style.overflowX, style.overflowY ]; + + // Identify a display type, preferring old show/hide data over the CSS cascade + restoreDisplay = dataShow && dataShow.display; + if ( restoreDisplay == null ) { + restoreDisplay = dataPriv.get( elem, "display" ); + } + display = jQuery.css( elem, "display" ); + if ( display === "none" ) { + if ( restoreDisplay ) { + display = restoreDisplay; + } else { + + // Get nonempty value(s) by temporarily forcing visibility + showHide( [ elem ], true ); + restoreDisplay = elem.style.display || restoreDisplay; + display = jQuery.css( elem, "display" ); + showHide( [ elem ] ); + } + } + + // Animate inline elements as inline-block + if ( display === "inline" || display === "inline-block" && restoreDisplay != null ) { + if ( jQuery.css( elem, "float" ) === "none" ) { + + // Restore the original display value at the end of pure show/hide animations + if ( !propTween ) { + anim.done( function() { + style.display = restoreDisplay; + } ); + if ( restoreDisplay == null ) { + display = style.display; + restoreDisplay = display === "none" ? "" : display; + } + } + style.display = "inline-block"; + } + } + } + + if ( opts.overflow ) { + style.overflow = "hidden"; + anim.always( function() { + style.overflow = opts.overflow[ 0 ]; + style.overflowX = opts.overflow[ 1 ]; + style.overflowY = opts.overflow[ 2 ]; + } ); + } + + // Implement show/hide animations + propTween = false; + for ( prop in orig ) { + + // General show/hide setup for this element animation + if ( !propTween ) { + if ( dataShow ) { + if ( "hidden" in dataShow ) { + hidden = dataShow.hidden; + } + } else { + dataShow = dataPriv.access( elem, "fxshow", { display: restoreDisplay } ); + } + + // Store hidden/visible for toggle so `.stop().toggle()` "reverses" + if ( toggle ) { + dataShow.hidden = !hidden; + } + + // Show elements before animating them + if ( hidden ) { + showHide( [ elem ], true ); + } + + /* eslint-disable no-loop-func */ + + anim.done( function() { + + /* eslint-enable no-loop-func */ + + // The final step of a "hide" animation is actually hiding the element + if ( !hidden ) { + showHide( [ elem ] ); + } + dataPriv.remove( elem, "fxshow" ); + for ( prop in orig ) { + jQuery.style( elem, prop, orig[ prop ] ); + } + } ); + } + + // Per-property setup + propTween = createTween( hidden ? dataShow[ prop ] : 0, prop, anim ); + if ( !( prop in dataShow ) ) { + dataShow[ prop ] = propTween.start; + if ( hidden ) { + propTween.end = propTween.start; + propTween.start = 0; + } + } + } +} + +function propFilter( props, specialEasing ) { + var index, name, easing, value, hooks; + + // camelCase, specialEasing and expand cssHook pass + for ( index in props ) { + name = camelCase( index ); + easing = specialEasing[ name ]; + value = props[ index ]; + if ( Array.isArray( value ) ) { + easing = value[ 1 ]; + value = props[ index ] = value[ 0 ]; + } + + if ( index !== name ) { + props[ name ] = value; + delete props[ index ]; + } + + hooks = jQuery.cssHooks[ name ]; + if ( hooks && "expand" in hooks ) { + value = hooks.expand( value ); + delete props[ name ]; + + // Not quite $.extend, this won't overwrite existing keys. + // Reusing 'index' because we have the correct "name" + for ( index in value ) { + if ( !( index in props ) ) { + props[ index ] = value[ index ]; + specialEasing[ index ] = easing; + } + } + } else { + specialEasing[ name ] = easing; + } + } +} + +function Animation( elem, properties, options ) { + var result, + stopped, + index = 0, + length = Animation.prefilters.length, + deferred = jQuery.Deferred().always( function() { + + // Don't match elem in the :animated selector + delete tick.elem; + } ), + tick = function() { + if ( stopped ) { + return false; + } + var currentTime = fxNow || createFxNow(), + remaining = Math.max( 0, animation.startTime + animation.duration - currentTime ), + + // Support: Android 2.3 only + // Archaic crash bug won't allow us to use `1 - ( 0.5 || 0 )` (#12497) + temp = remaining / animation.duration || 0, + percent = 1 - temp, + index = 0, + length = animation.tweens.length; + + for ( ; index < length; index++ ) { + animation.tweens[ index ].run( percent ); + } + + deferred.notifyWith( elem, [ animation, percent, remaining ] ); + + // If there's more to do, yield + if ( percent < 1 && length ) { + return remaining; + } + + // If this was an empty animation, synthesize a final progress notification + if ( !length ) { + deferred.notifyWith( elem, [ animation, 1, 0 ] ); + } + + // Resolve the animation and report its conclusion + deferred.resolveWith( elem, [ animation ] ); + return false; + }, + animation = deferred.promise( { + elem: elem, + props: jQuery.extend( {}, properties ), + opts: jQuery.extend( true, { + specialEasing: {}, + easing: jQuery.easing._default + }, options ), + originalProperties: properties, + originalOptions: options, + startTime: fxNow || createFxNow(), + duration: options.duration, + tweens: [], + createTween: function( prop, end ) { + var tween = jQuery.Tween( elem, animation.opts, prop, end, + animation.opts.specialEasing[ prop ] || animation.opts.easing ); + animation.tweens.push( tween ); + return tween; + }, + stop: function( gotoEnd ) { + var index = 0, + + // If we are going to the end, we want to run all the tweens + // otherwise we skip this part + length = gotoEnd ? animation.tweens.length : 0; + if ( stopped ) { + return this; + } + stopped = true; + for ( ; index < length; index++ ) { + animation.tweens[ index ].run( 1 ); + } + + // Resolve when we played the last frame; otherwise, reject + if ( gotoEnd ) { + deferred.notifyWith( elem, [ animation, 1, 0 ] ); + deferred.resolveWith( elem, [ animation, gotoEnd ] ); + } else { + deferred.rejectWith( elem, [ animation, gotoEnd ] ); + } + return this; + } + } ), + props = animation.props; + + propFilter( props, animation.opts.specialEasing ); + + for ( ; index < length; index++ ) { + result = Animation.prefilters[ index ].call( animation, elem, props, animation.opts ); + if ( result ) { + if ( isFunction( result.stop ) ) { + jQuery._queueHooks( animation.elem, animation.opts.queue ).stop = + result.stop.bind( result ); + } + return result; + } + } + + jQuery.map( props, createTween, animation ); + + if ( isFunction( animation.opts.start ) ) { + animation.opts.start.call( elem, animation ); + } + + // Attach callbacks from options + animation + .progress( animation.opts.progress ) + .done( animation.opts.done, animation.opts.complete ) + .fail( animation.opts.fail ) + .always( animation.opts.always ); + + jQuery.fx.timer( + jQuery.extend( tick, { + elem: elem, + anim: animation, + queue: animation.opts.queue + } ) + ); + + return animation; +} + +jQuery.Animation = jQuery.extend( Animation, { + + tweeners: { + "*": [ function( prop, value ) { + var tween = this.createTween( prop, value ); + adjustCSS( tween.elem, prop, rcssNum.exec( value ), tween ); + return tween; + } ] + }, + + tweener: function( props, callback ) { + if ( isFunction( props ) ) { + callback = props; + props = [ "*" ]; + } else { + props = props.match( rnothtmlwhite ); + } + + var prop, + index = 0, + length = props.length; + + for ( ; index < length; index++ ) { + prop = props[ index ]; + Animation.tweeners[ prop ] = Animation.tweeners[ prop ] || []; + Animation.tweeners[ prop ].unshift( callback ); + } + }, + + prefilters: [ defaultPrefilter ], + + prefilter: function( callback, prepend ) { + if ( prepend ) { + Animation.prefilters.unshift( callback ); + } else { + Animation.prefilters.push( callback ); + } + } +} ); + +jQuery.speed = function( speed, easing, fn ) { + var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : { + complete: fn || !fn && easing || + isFunction( speed ) && speed, + duration: speed, + easing: fn && easing || easing && !isFunction( easing ) && easing + }; + + // Go to the end state if fx are off + if ( jQuery.fx.off ) { + opt.duration = 0; + + } else { + if ( typeof opt.duration !== "number" ) { + if ( opt.duration in jQuery.fx.speeds ) { + opt.duration = jQuery.fx.speeds[ opt.duration ]; + + } else { + opt.duration = jQuery.fx.speeds._default; + } + } + } + + // Normalize opt.queue - true/undefined/null -> "fx" + if ( opt.queue == null || opt.queue === true ) { + opt.queue = "fx"; + } + + // Queueing + opt.old = opt.complete; + + opt.complete = function() { + if ( isFunction( opt.old ) ) { + opt.old.call( this ); + } + + if ( opt.queue ) { + jQuery.dequeue( this, opt.queue ); + } + }; + + return opt; +}; + +jQuery.fn.extend( { + fadeTo: function( speed, to, easing, callback ) { + + // Show any hidden elements after setting opacity to 0 + return this.filter( isHiddenWithinTree ).css( "opacity", 0 ).show() + + // Animate to the value specified + .end().animate( { opacity: to }, speed, easing, callback ); + }, + animate: function( prop, speed, easing, callback ) { + var empty = jQuery.isEmptyObject( prop ), + optall = jQuery.speed( speed, easing, callback ), + doAnimation = function() { + + // Operate on a copy of prop so per-property easing won't be lost + var anim = Animation( this, jQuery.extend( {}, prop ), optall ); + + // Empty animations, or finishing resolves immediately + if ( empty || dataPriv.get( this, "finish" ) ) { + anim.stop( true ); + } + }; + doAnimation.finish = doAnimation; + + return empty || optall.queue === false ? + this.each( doAnimation ) : + this.queue( optall.queue, doAnimation ); + }, + stop: function( type, clearQueue, gotoEnd ) { + var stopQueue = function( hooks ) { + var stop = hooks.stop; + delete hooks.stop; + stop( gotoEnd ); + }; + + if ( typeof type !== "string" ) { + gotoEnd = clearQueue; + clearQueue = type; + type = undefined; + } + if ( clearQueue ) { + this.queue( type || "fx", [] ); + } + + return this.each( function() { + var dequeue = true, + index = type != null && type + "queueHooks", + timers = jQuery.timers, + data = dataPriv.get( this ); + + if ( index ) { + if ( data[ index ] && data[ index ].stop ) { + stopQueue( data[ index ] ); + } + } else { + for ( index in data ) { + if ( data[ index ] && data[ index ].stop && rrun.test( index ) ) { + stopQueue( data[ index ] ); + } + } + } + + for ( index = timers.length; index--; ) { + if ( timers[ index ].elem === this && + ( type == null || timers[ index ].queue === type ) ) { + + timers[ index ].anim.stop( gotoEnd ); + dequeue = false; + timers.splice( index, 1 ); + } + } + + // Start the next in the queue if the last step wasn't forced. + // Timers currently will call their complete callbacks, which + // will dequeue but only if they were gotoEnd. + if ( dequeue || !gotoEnd ) { + jQuery.dequeue( this, type ); + } + } ); + }, + finish: function( type ) { + if ( type !== false ) { + type = type || "fx"; + } + return this.each( function() { + var index, + data = dataPriv.get( this ), + queue = data[ type + "queue" ], + hooks = data[ type + "queueHooks" ], + timers = jQuery.timers, + length = queue ? queue.length : 0; + + // Enable finishing flag on private data + data.finish = true; + + // Empty the queue first + jQuery.queue( this, type, [] ); + + if ( hooks && hooks.stop ) { + hooks.stop.call( this, true ); + } + + // Look for any active animations, and finish them + for ( index = timers.length; index--; ) { + if ( timers[ index ].elem === this && timers[ index ].queue === type ) { + timers[ index ].anim.stop( true ); + timers.splice( index, 1 ); + } + } + + // Look for any animations in the old queue and finish them + for ( index = 0; index < length; index++ ) { + if ( queue[ index ] && queue[ index ].finish ) { + queue[ index ].finish.call( this ); + } + } + + // Turn off finishing flag + delete data.finish; + } ); + } +} ); + +jQuery.each( [ "toggle", "show", "hide" ], function( _i, name ) { + var cssFn = jQuery.fn[ name ]; + jQuery.fn[ name ] = function( speed, easing, callback ) { + return speed == null || typeof speed === "boolean" ? + cssFn.apply( this, arguments ) : + this.animate( genFx( name, true ), speed, easing, callback ); + }; +} ); + +// Generate shortcuts for custom animations +jQuery.each( { + slideDown: genFx( "show" ), + slideUp: genFx( "hide" ), + slideToggle: genFx( "toggle" ), + fadeIn: { opacity: "show" }, + fadeOut: { opacity: "hide" }, + fadeToggle: { opacity: "toggle" } +}, function( name, props ) { + jQuery.fn[ name ] = function( speed, easing, callback ) { + return this.animate( props, speed, easing, callback ); + }; +} ); + +jQuery.timers = []; +jQuery.fx.tick = function() { + var timer, + i = 0, + timers = jQuery.timers; + + fxNow = Date.now(); + + for ( ; i < timers.length; i++ ) { + timer = timers[ i ]; + + // Run the timer and safely remove it when done (allowing for external removal) + if ( !timer() && timers[ i ] === timer ) { + timers.splice( i--, 1 ); + } + } + + if ( !timers.length ) { + jQuery.fx.stop(); + } + fxNow = undefined; +}; + +jQuery.fx.timer = function( timer ) { + jQuery.timers.push( timer ); + jQuery.fx.start(); +}; + +jQuery.fx.interval = 13; +jQuery.fx.start = function() { + if ( inProgress ) { + return; + } + + inProgress = true; + schedule(); +}; + +jQuery.fx.stop = function() { + inProgress = null; +}; + +jQuery.fx.speeds = { + slow: 600, + fast: 200, + + // Default speed + _default: 400 +}; + + +// Based off of the plugin by Clint Helfers, with permission. +// https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/ +jQuery.fn.delay = function( time, type ) { + time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; + type = type || "fx"; + + return this.queue( type, function( next, hooks ) { + var timeout = window.setTimeout( next, time ); + hooks.stop = function() { + window.clearTimeout( timeout ); + }; + } ); +}; + + +( function() { + var input = document.createElement( "input" ), + select = document.createElement( "select" ), + opt = select.appendChild( document.createElement( "option" ) ); + + input.type = "checkbox"; + + // Support: Android <=4.3 only + // Default value for a checkbox should be "on" + support.checkOn = input.value !== ""; + + // Support: IE <=11 only + // Must access selectedIndex to make default options select + support.optSelected = opt.selected; + + // Support: IE <=11 only + // An input loses its value after becoming a radio + input = document.createElement( "input" ); + input.value = "t"; + input.type = "radio"; + support.radioValue = input.value === "t"; +} )(); + + +var boolHook, + attrHandle = jQuery.expr.attrHandle; + +jQuery.fn.extend( { + attr: function( name, value ) { + return access( this, jQuery.attr, name, value, arguments.length > 1 ); + }, + + removeAttr: function( name ) { + return this.each( function() { + jQuery.removeAttr( this, name ); + } ); + } +} ); + +jQuery.extend( { + attr: function( elem, name, value ) { + var ret, hooks, + nType = elem.nodeType; + + // Don't get/set attributes on text, comment and attribute nodes + if ( nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + // Fallback to prop when attributes are not supported + if ( typeof elem.getAttribute === "undefined" ) { + return jQuery.prop( elem, name, value ); + } + + // Attribute hooks are determined by the lowercase version + // Grab necessary hook if one is defined + if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { + hooks = jQuery.attrHooks[ name.toLowerCase() ] || + ( jQuery.expr.match.bool.test( name ) ? boolHook : undefined ); + } + + if ( value !== undefined ) { + if ( value === null ) { + jQuery.removeAttr( elem, name ); + return; + } + + if ( hooks && "set" in hooks && + ( ret = hooks.set( elem, value, name ) ) !== undefined ) { + return ret; + } + + elem.setAttribute( name, value + "" ); + return value; + } + + if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { + return ret; + } + + ret = jQuery.find.attr( elem, name ); + + // Non-existent attributes return null, we normalize to undefined + return ret == null ? undefined : ret; + }, + + attrHooks: { + type: { + set: function( elem, value ) { + if ( !support.radioValue && value === "radio" && + nodeName( elem, "input" ) ) { + var val = elem.value; + elem.setAttribute( "type", value ); + if ( val ) { + elem.value = val; + } + return value; + } + } + } + }, + + removeAttr: function( elem, value ) { + var name, + i = 0, + + // Attribute names can contain non-HTML whitespace characters + // https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 + attrNames = value && value.match( rnothtmlwhite ); + + if ( attrNames && elem.nodeType === 1 ) { + while ( ( name = attrNames[ i++ ] ) ) { + elem.removeAttribute( name ); + } + } + } +} ); + +// Hooks for boolean attributes +boolHook = { + set: function( elem, value, name ) { + if ( value === false ) { + + // Remove boolean attributes when set to false + jQuery.removeAttr( elem, name ); + } else { + elem.setAttribute( name, name ); + } + return name; + } +}; + +jQuery.each( jQuery.expr.match.bool.source.match( /\w+/g ), function( _i, name ) { + var getter = attrHandle[ name ] || jQuery.find.attr; + + attrHandle[ name ] = function( elem, name, isXML ) { + var ret, handle, + lowercaseName = name.toLowerCase(); + + if ( !isXML ) { + + // Avoid an infinite loop by temporarily removing this function from the getter + handle = attrHandle[ lowercaseName ]; + attrHandle[ lowercaseName ] = ret; + ret = getter( elem, name, isXML ) != null ? + lowercaseName : + null; + attrHandle[ lowercaseName ] = handle; + } + return ret; + }; +} ); + + + + +var rfocusable = /^(?:input|select|textarea|button)$/i, + rclickable = /^(?:a|area)$/i; + +jQuery.fn.extend( { + prop: function( name, value ) { + return access( this, jQuery.prop, name, value, arguments.length > 1 ); + }, + + removeProp: function( name ) { + return this.each( function() { + delete this[ jQuery.propFix[ name ] || name ]; + } ); + } +} ); + +jQuery.extend( { + prop: function( elem, name, value ) { + var ret, hooks, + nType = elem.nodeType; + + // Don't get/set properties on text, comment and attribute nodes + if ( nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { + + // Fix name and attach hooks + name = jQuery.propFix[ name ] || name; + hooks = jQuery.propHooks[ name ]; + } + + if ( value !== undefined ) { + if ( hooks && "set" in hooks && + ( ret = hooks.set( elem, value, name ) ) !== undefined ) { + return ret; + } + + return ( elem[ name ] = value ); + } + + if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { + return ret; + } + + return elem[ name ]; + }, + + propHooks: { + tabIndex: { + get: function( elem ) { + + // Support: IE <=9 - 11 only + // elem.tabIndex doesn't always return the + // correct value when it hasn't been explicitly set + // https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ + // Use proper attribute retrieval(#12072) + var tabindex = jQuery.find.attr( elem, "tabindex" ); + + if ( tabindex ) { + return parseInt( tabindex, 10 ); + } + + if ( + rfocusable.test( elem.nodeName ) || + rclickable.test( elem.nodeName ) && + elem.href + ) { + return 0; + } + + return -1; + } + } + }, + + propFix: { + "for": "htmlFor", + "class": "className" + } +} ); + +// Support: IE <=11 only +// Accessing the selectedIndex property +// forces the browser to respect setting selected +// on the option +// The getter ensures a default option is selected +// when in an optgroup +// eslint rule "no-unused-expressions" is disabled for this code +// since it considers such accessions noop +if ( !support.optSelected ) { + jQuery.propHooks.selected = { + get: function( elem ) { + + /* eslint no-unused-expressions: "off" */ + + var parent = elem.parentNode; + if ( parent && parent.parentNode ) { + parent.parentNode.selectedIndex; + } + return null; + }, + set: function( elem ) { + + /* eslint no-unused-expressions: "off" */ + + var parent = elem.parentNode; + if ( parent ) { + parent.selectedIndex; + + if ( parent.parentNode ) { + parent.parentNode.selectedIndex; + } + } + } + }; +} + +jQuery.each( [ + "tabIndex", + "readOnly", + "maxLength", + "cellSpacing", + "cellPadding", + "rowSpan", + "colSpan", + "useMap", + "frameBorder", + "contentEditable" +], function() { + jQuery.propFix[ this.toLowerCase() ] = this; +} ); + + + + + // Strip and collapse whitespace according to HTML spec + // https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace + function stripAndCollapse( value ) { + var tokens = value.match( rnothtmlwhite ) || []; + return tokens.join( " " ); + } + + +function getClass( elem ) { + return elem.getAttribute && elem.getAttribute( "class" ) || ""; +} + +function classesToArray( value ) { + if ( Array.isArray( value ) ) { + return value; + } + if ( typeof value === "string" ) { + return value.match( rnothtmlwhite ) || []; + } + return []; +} + +jQuery.fn.extend( { + addClass: function( value ) { + var classes, elem, cur, curValue, clazz, j, finalValue, + i = 0; + + if ( isFunction( value ) ) { + return this.each( function( j ) { + jQuery( this ).addClass( value.call( this, j, getClass( this ) ) ); + } ); + } + + classes = classesToArray( value ); + + if ( classes.length ) { + while ( ( elem = this[ i++ ] ) ) { + curValue = getClass( elem ); + cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); + + if ( cur ) { + j = 0; + while ( ( clazz = classes[ j++ ] ) ) { + if ( cur.indexOf( " " + clazz + " " ) < 0 ) { + cur += clazz + " "; + } + } + + // Only assign if different to avoid unneeded rendering. + finalValue = stripAndCollapse( cur ); + if ( curValue !== finalValue ) { + elem.setAttribute( "class", finalValue ); + } + } + } + } + + return this; + }, + + removeClass: function( value ) { + var classes, elem, cur, curValue, clazz, j, finalValue, + i = 0; + + if ( isFunction( value ) ) { + return this.each( function( j ) { + jQuery( this ).removeClass( value.call( this, j, getClass( this ) ) ); + } ); + } + + if ( !arguments.length ) { + return this.attr( "class", "" ); + } + + classes = classesToArray( value ); + + if ( classes.length ) { + while ( ( elem = this[ i++ ] ) ) { + curValue = getClass( elem ); + + // This expression is here for better compressibility (see addClass) + cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); + + if ( cur ) { + j = 0; + while ( ( clazz = classes[ j++ ] ) ) { + + // Remove *all* instances + while ( cur.indexOf( " " + clazz + " " ) > -1 ) { + cur = cur.replace( " " + clazz + " ", " " ); + } + } + + // Only assign if different to avoid unneeded rendering. + finalValue = stripAndCollapse( cur ); + if ( curValue !== finalValue ) { + elem.setAttribute( "class", finalValue ); + } + } + } + } + + return this; + }, + + toggleClass: function( value, stateVal ) { + var type = typeof value, + isValidValue = type === "string" || Array.isArray( value ); + + if ( typeof stateVal === "boolean" && isValidValue ) { + return stateVal ? this.addClass( value ) : this.removeClass( value ); + } + + if ( isFunction( value ) ) { + return this.each( function( i ) { + jQuery( this ).toggleClass( + value.call( this, i, getClass( this ), stateVal ), + stateVal + ); + } ); + } + + return this.each( function() { + var className, i, self, classNames; + + if ( isValidValue ) { + + // Toggle individual class names + i = 0; + self = jQuery( this ); + classNames = classesToArray( value ); + + while ( ( className = classNames[ i++ ] ) ) { + + // Check each className given, space separated list + if ( self.hasClass( className ) ) { + self.removeClass( className ); + } else { + self.addClass( className ); + } + } + + // Toggle whole class name + } else if ( value === undefined || type === "boolean" ) { + className = getClass( this ); + if ( className ) { + + // Store className if set + dataPriv.set( this, "__className__", className ); + } + + // If the element has a class name or if we're passed `false`, + // then remove the whole classname (if there was one, the above saved it). + // Otherwise bring back whatever was previously saved (if anything), + // falling back to the empty string if nothing was stored. + if ( this.setAttribute ) { + this.setAttribute( "class", + className || value === false ? + "" : + dataPriv.get( this, "__className__" ) || "" + ); + } + } + } ); + }, + + hasClass: function( selector ) { + var className, elem, + i = 0; + + className = " " + selector + " "; + while ( ( elem = this[ i++ ] ) ) { + if ( elem.nodeType === 1 && + ( " " + stripAndCollapse( getClass( elem ) ) + " " ).indexOf( className ) > -1 ) { + return true; + } + } + + return false; + } +} ); + + + + +var rreturn = /\r/g; + +jQuery.fn.extend( { + val: function( value ) { + var hooks, ret, valueIsFunction, + elem = this[ 0 ]; + + if ( !arguments.length ) { + if ( elem ) { + hooks = jQuery.valHooks[ elem.type ] || + jQuery.valHooks[ elem.nodeName.toLowerCase() ]; + + if ( hooks && + "get" in hooks && + ( ret = hooks.get( elem, "value" ) ) !== undefined + ) { + return ret; + } + + ret = elem.value; + + // Handle most common string cases + if ( typeof ret === "string" ) { + return ret.replace( rreturn, "" ); + } + + // Handle cases where value is null/undef or number + return ret == null ? "" : ret; + } + + return; + } + + valueIsFunction = isFunction( value ); + + return this.each( function( i ) { + var val; + + if ( this.nodeType !== 1 ) { + return; + } + + if ( valueIsFunction ) { + val = value.call( this, i, jQuery( this ).val() ); + } else { + val = value; + } + + // Treat null/undefined as ""; convert numbers to string + if ( val == null ) { + val = ""; + + } else if ( typeof val === "number" ) { + val += ""; + + } else if ( Array.isArray( val ) ) { + val = jQuery.map( val, function( value ) { + return value == null ? "" : value + ""; + } ); + } + + hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ]; + + // If set returns undefined, fall back to normal setting + if ( !hooks || !( "set" in hooks ) || hooks.set( this, val, "value" ) === undefined ) { + this.value = val; + } + } ); + } +} ); + +jQuery.extend( { + valHooks: { + option: { + get: function( elem ) { + + var val = jQuery.find.attr( elem, "value" ); + return val != null ? + val : + + // Support: IE <=10 - 11 only + // option.text throws exceptions (#14686, #14858) + // Strip and collapse whitespace + // https://html.spec.whatwg.org/#strip-and-collapse-whitespace + stripAndCollapse( jQuery.text( elem ) ); + } + }, + select: { + get: function( elem ) { + var value, option, i, + options = elem.options, + index = elem.selectedIndex, + one = elem.type === "select-one", + values = one ? null : [], + max = one ? index + 1 : options.length; + + if ( index < 0 ) { + i = max; + + } else { + i = one ? index : 0; + } + + // Loop through all the selected options + for ( ; i < max; i++ ) { + option = options[ i ]; + + // Support: IE <=9 only + // IE8-9 doesn't update selected after form reset (#2551) + if ( ( option.selected || i === index ) && + + // Don't return options that are disabled or in a disabled optgroup + !option.disabled && + ( !option.parentNode.disabled || + !nodeName( option.parentNode, "optgroup" ) ) ) { + + // Get the specific value for the option + value = jQuery( option ).val(); + + // We don't need an array for one selects + if ( one ) { + return value; + } + + // Multi-Selects return an array + values.push( value ); + } + } + + return values; + }, + + set: function( elem, value ) { + var optionSet, option, + options = elem.options, + values = jQuery.makeArray( value ), + i = options.length; + + while ( i-- ) { + option = options[ i ]; + + /* eslint-disable no-cond-assign */ + + if ( option.selected = + jQuery.inArray( jQuery.valHooks.option.get( option ), values ) > -1 + ) { + optionSet = true; + } + + /* eslint-enable no-cond-assign */ + } + + // Force browsers to behave consistently when non-matching value is set + if ( !optionSet ) { + elem.selectedIndex = -1; + } + return values; + } + } + } +} ); + +// Radios and checkboxes getter/setter +jQuery.each( [ "radio", "checkbox" ], function() { + jQuery.valHooks[ this ] = { + set: function( elem, value ) { + if ( Array.isArray( value ) ) { + return ( elem.checked = jQuery.inArray( jQuery( elem ).val(), value ) > -1 ); + } + } + }; + if ( !support.checkOn ) { + jQuery.valHooks[ this ].get = function( elem ) { + return elem.getAttribute( "value" ) === null ? "on" : elem.value; + }; + } +} ); + + + + +// Return jQuery for attributes-only inclusion + + +support.focusin = "onfocusin" in window; + + +var rfocusMorph = /^(?:focusinfocus|focusoutblur)$/, + stopPropagationCallback = function( e ) { + e.stopPropagation(); + }; + +jQuery.extend( jQuery.event, { + + trigger: function( event, data, elem, onlyHandlers ) { + + var i, cur, tmp, bubbleType, ontype, handle, special, lastElement, + eventPath = [ elem || document ], + type = hasOwn.call( event, "type" ) ? event.type : event, + namespaces = hasOwn.call( event, "namespace" ) ? event.namespace.split( "." ) : []; + + cur = lastElement = tmp = elem = elem || document; + + // Don't do events on text and comment nodes + if ( elem.nodeType === 3 || elem.nodeType === 8 ) { + return; + } + + // focus/blur morphs to focusin/out; ensure we're not firing them right now + if ( rfocusMorph.test( type + jQuery.event.triggered ) ) { + return; + } + + if ( type.indexOf( "." ) > -1 ) { + + // Namespaced trigger; create a regexp to match event type in handle() + namespaces = type.split( "." ); + type = namespaces.shift(); + namespaces.sort(); + } + ontype = type.indexOf( ":" ) < 0 && "on" + type; + + // Caller can pass in a jQuery.Event object, Object, or just an event type string + event = event[ jQuery.expando ] ? + event : + new jQuery.Event( type, typeof event === "object" && event ); + + // Trigger bitmask: & 1 for native handlers; & 2 for jQuery (always true) + event.isTrigger = onlyHandlers ? 2 : 3; + event.namespace = namespaces.join( "." ); + event.rnamespace = event.namespace ? + new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) : + null; + + // Clean up the event in case it is being reused + event.result = undefined; + if ( !event.target ) { + event.target = elem; + } + + // Clone any incoming data and prepend the event, creating the handler arg list + data = data == null ? + [ event ] : + jQuery.makeArray( data, [ event ] ); + + // Allow special events to draw outside the lines + special = jQuery.event.special[ type ] || {}; + if ( !onlyHandlers && special.trigger && special.trigger.apply( elem, data ) === false ) { + return; + } + + // Determine event propagation path in advance, per W3C events spec (#9951) + // Bubble up to document, then to window; watch for a global ownerDocument var (#9724) + if ( !onlyHandlers && !special.noBubble && !isWindow( elem ) ) { + + bubbleType = special.delegateType || type; + if ( !rfocusMorph.test( bubbleType + type ) ) { + cur = cur.parentNode; + } + for ( ; cur; cur = cur.parentNode ) { + eventPath.push( cur ); + tmp = cur; + } + + // Only add window if we got to document (e.g., not plain obj or detached DOM) + if ( tmp === ( elem.ownerDocument || document ) ) { + eventPath.push( tmp.defaultView || tmp.parentWindow || window ); + } + } + + // Fire handlers on the event path + i = 0; + while ( ( cur = eventPath[ i++ ] ) && !event.isPropagationStopped() ) { + lastElement = cur; + event.type = i > 1 ? + bubbleType : + special.bindType || type; + + // jQuery handler + handle = ( + dataPriv.get( cur, "events" ) || Object.create( null ) + )[ event.type ] && + dataPriv.get( cur, "handle" ); + if ( handle ) { + handle.apply( cur, data ); + } + + // Native handler + handle = ontype && cur[ ontype ]; + if ( handle && handle.apply && acceptData( cur ) ) { + event.result = handle.apply( cur, data ); + if ( event.result === false ) { + event.preventDefault(); + } + } + } + event.type = type; + + // If nobody prevented the default action, do it now + if ( !onlyHandlers && !event.isDefaultPrevented() ) { + + if ( ( !special._default || + special._default.apply( eventPath.pop(), data ) === false ) && + acceptData( elem ) ) { + + // Call a native DOM method on the target with the same name as the event. + // Don't do default actions on window, that's where global variables be (#6170) + if ( ontype && isFunction( elem[ type ] ) && !isWindow( elem ) ) { + + // Don't re-trigger an onFOO event when we call its FOO() method + tmp = elem[ ontype ]; + + if ( tmp ) { + elem[ ontype ] = null; + } + + // Prevent re-triggering of the same event, since we already bubbled it above + jQuery.event.triggered = type; + + if ( event.isPropagationStopped() ) { + lastElement.addEventListener( type, stopPropagationCallback ); + } + + elem[ type ](); + + if ( event.isPropagationStopped() ) { + lastElement.removeEventListener( type, stopPropagationCallback ); + } + + jQuery.event.triggered = undefined; + + if ( tmp ) { + elem[ ontype ] = tmp; + } + } + } + } + + return event.result; + }, + + // Piggyback on a donor event to simulate a different one + // Used only for `focus(in | out)` events + simulate: function( type, elem, event ) { + var e = jQuery.extend( + new jQuery.Event(), + event, + { + type: type, + isSimulated: true + } + ); + + jQuery.event.trigger( e, null, elem ); + } + +} ); + +jQuery.fn.extend( { + + trigger: function( type, data ) { + return this.each( function() { + jQuery.event.trigger( type, data, this ); + } ); + }, + triggerHandler: function( type, data ) { + var elem = this[ 0 ]; + if ( elem ) { + return jQuery.event.trigger( type, data, elem, true ); + } + } +} ); + + +// Support: Firefox <=44 +// Firefox doesn't have focus(in | out) events +// Related ticket - https://bugzilla.mozilla.org/show_bug.cgi?id=687787 +// +// Support: Chrome <=48 - 49, Safari <=9.0 - 9.1 +// focus(in | out) events fire after focus & blur events, +// which is spec violation - http://www.w3.org/TR/DOM-Level-3-Events/#events-focusevent-event-order +// Related ticket - https://bugs.chromium.org/p/chromium/issues/detail?id=449857 +if ( !support.focusin ) { + jQuery.each( { focus: "focusin", blur: "focusout" }, function( orig, fix ) { + + // Attach a single capturing handler on the document while someone wants focusin/focusout + var handler = function( event ) { + jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ) ); + }; + + jQuery.event.special[ fix ] = { + setup: function() { + + // Handle: regular nodes (via `this.ownerDocument`), window + // (via `this.document`) & document (via `this`). + var doc = this.ownerDocument || this.document || this, + attaches = dataPriv.access( doc, fix ); + + if ( !attaches ) { + doc.addEventListener( orig, handler, true ); + } + dataPriv.access( doc, fix, ( attaches || 0 ) + 1 ); + }, + teardown: function() { + var doc = this.ownerDocument || this.document || this, + attaches = dataPriv.access( doc, fix ) - 1; + + if ( !attaches ) { + doc.removeEventListener( orig, handler, true ); + dataPriv.remove( doc, fix ); + + } else { + dataPriv.access( doc, fix, attaches ); + } + } + }; + } ); +} +var location = window.location; + +var nonce = { guid: Date.now() }; + +var rquery = ( /\?/ ); + + + +// Cross-browser xml parsing +jQuery.parseXML = function( data ) { + var xml; + if ( !data || typeof data !== "string" ) { + return null; + } + + // Support: IE 9 - 11 only + // IE throws on parseFromString with invalid input. + try { + xml = ( new window.DOMParser() ).parseFromString( data, "text/xml" ); + } catch ( e ) { + xml = undefined; + } + + if ( !xml || xml.getElementsByTagName( "parsererror" ).length ) { + jQuery.error( "Invalid XML: " + data ); + } + return xml; +}; + + +var + rbracket = /\[\]$/, + rCRLF = /\r?\n/g, + rsubmitterTypes = /^(?:submit|button|image|reset|file)$/i, + rsubmittable = /^(?:input|select|textarea|keygen)/i; + +function buildParams( prefix, obj, traditional, add ) { + var name; + + if ( Array.isArray( obj ) ) { + + // Serialize array item. + jQuery.each( obj, function( i, v ) { + if ( traditional || rbracket.test( prefix ) ) { + + // Treat each array item as a scalar. + add( prefix, v ); + + } else { + + // Item is non-scalar (array or object), encode its numeric index. + buildParams( + prefix + "[" + ( typeof v === "object" && v != null ? i : "" ) + "]", + v, + traditional, + add + ); + } + } ); + + } else if ( !traditional && toType( obj ) === "object" ) { + + // Serialize object item. + for ( name in obj ) { + buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add ); + } + + } else { + + // Serialize scalar item. + add( prefix, obj ); + } +} + +// Serialize an array of form elements or a set of +// key/values into a query string +jQuery.param = function( a, traditional ) { + var prefix, + s = [], + add = function( key, valueOrFunction ) { + + // If value is a function, invoke it and use its return value + var value = isFunction( valueOrFunction ) ? + valueOrFunction() : + valueOrFunction; + + s[ s.length ] = encodeURIComponent( key ) + "=" + + encodeURIComponent( value == null ? "" : value ); + }; + + if ( a == null ) { + return ""; + } + + // If an array was passed in, assume that it is an array of form elements. + if ( Array.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) { + + // Serialize the form elements + jQuery.each( a, function() { + add( this.name, this.value ); + } ); + + } else { + + // If traditional, encode the "old" way (the way 1.3.2 or older + // did it), otherwise encode params recursively. + for ( prefix in a ) { + buildParams( prefix, a[ prefix ], traditional, add ); + } + } + + // Return the resulting serialization + return s.join( "&" ); +}; + +jQuery.fn.extend( { + serialize: function() { + return jQuery.param( this.serializeArray() ); + }, + serializeArray: function() { + return this.map( function() { + + // Can add propHook for "elements" to filter or add form elements + var elements = jQuery.prop( this, "elements" ); + return elements ? jQuery.makeArray( elements ) : this; + } ) + .filter( function() { + var type = this.type; + + // Use .is( ":disabled" ) so that fieldset[disabled] works + return this.name && !jQuery( this ).is( ":disabled" ) && + rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) && + ( this.checked || !rcheckableType.test( type ) ); + } ) + .map( function( _i, elem ) { + var val = jQuery( this ).val(); + + if ( val == null ) { + return null; + } + + if ( Array.isArray( val ) ) { + return jQuery.map( val, function( val ) { + return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + } ); + } + + return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + } ).get(); + } +} ); + + +var + r20 = /%20/g, + rhash = /#.*$/, + rantiCache = /([?&])_=[^&]*/, + rheaders = /^(.*?):[ \t]*([^\r\n]*)$/mg, + + // #7653, #8125, #8152: local protocol detection + rlocalProtocol = /^(?:about|app|app-storage|.+-extension|file|res|widget):$/, + rnoContent = /^(?:GET|HEAD)$/, + rprotocol = /^\/\//, + + /* Prefilters + * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example) + * 2) These are called: + * - BEFORE asking for a transport + * - AFTER param serialization (s.data is a string if s.processData is true) + * 3) key is the dataType + * 4) the catchall symbol "*" can be used + * 5) execution will start with transport dataType and THEN continue down to "*" if needed + */ + prefilters = {}, + + /* Transports bindings + * 1) key is the dataType + * 2) the catchall symbol "*" can be used + * 3) selection will start with transport dataType and THEN go to "*" if needed + */ + transports = {}, + + // Avoid comment-prolog char sequence (#10098); must appease lint and evade compression + allTypes = "*/".concat( "*" ), + + // Anchor tag for parsing the document origin + originAnchor = document.createElement( "a" ); + originAnchor.href = location.href; + +// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport +function addToPrefiltersOrTransports( structure ) { + + // dataTypeExpression is optional and defaults to "*" + return function( dataTypeExpression, func ) { + + if ( typeof dataTypeExpression !== "string" ) { + func = dataTypeExpression; + dataTypeExpression = "*"; + } + + var dataType, + i = 0, + dataTypes = dataTypeExpression.toLowerCase().match( rnothtmlwhite ) || []; + + if ( isFunction( func ) ) { + + // For each dataType in the dataTypeExpression + while ( ( dataType = dataTypes[ i++ ] ) ) { + + // Prepend if requested + if ( dataType[ 0 ] === "+" ) { + dataType = dataType.slice( 1 ) || "*"; + ( structure[ dataType ] = structure[ dataType ] || [] ).unshift( func ); + + // Otherwise append + } else { + ( structure[ dataType ] = structure[ dataType ] || [] ).push( func ); + } + } + } + }; +} + +// Base inspection function for prefilters and transports +function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR ) { + + var inspected = {}, + seekingTransport = ( structure === transports ); + + function inspect( dataType ) { + var selected; + inspected[ dataType ] = true; + jQuery.each( structure[ dataType ] || [], function( _, prefilterOrFactory ) { + var dataTypeOrTransport = prefilterOrFactory( options, originalOptions, jqXHR ); + if ( typeof dataTypeOrTransport === "string" && + !seekingTransport && !inspected[ dataTypeOrTransport ] ) { + + options.dataTypes.unshift( dataTypeOrTransport ); + inspect( dataTypeOrTransport ); + return false; + } else if ( seekingTransport ) { + return !( selected = dataTypeOrTransport ); + } + } ); + return selected; + } + + return inspect( options.dataTypes[ 0 ] ) || !inspected[ "*" ] && inspect( "*" ); +} + +// A special extend for ajax options +// that takes "flat" options (not to be deep extended) +// Fixes #9887 +function ajaxExtend( target, src ) { + var key, deep, + flatOptions = jQuery.ajaxSettings.flatOptions || {}; + + for ( key in src ) { + if ( src[ key ] !== undefined ) { + ( flatOptions[ key ] ? target : ( deep || ( deep = {} ) ) )[ key ] = src[ key ]; + } + } + if ( deep ) { + jQuery.extend( true, target, deep ); + } + + return target; +} + +/* Handles responses to an ajax request: + * - finds the right dataType (mediates between content-type and expected dataType) + * - returns the corresponding response + */ +function ajaxHandleResponses( s, jqXHR, responses ) { + + var ct, type, finalDataType, firstDataType, + contents = s.contents, + dataTypes = s.dataTypes; + + // Remove auto dataType and get content-type in the process + while ( dataTypes[ 0 ] === "*" ) { + dataTypes.shift(); + if ( ct === undefined ) { + ct = s.mimeType || jqXHR.getResponseHeader( "Content-Type" ); + } + } + + // Check if we're dealing with a known content-type + if ( ct ) { + for ( type in contents ) { + if ( contents[ type ] && contents[ type ].test( ct ) ) { + dataTypes.unshift( type ); + break; + } + } + } + + // Check to see if we have a response for the expected dataType + if ( dataTypes[ 0 ] in responses ) { + finalDataType = dataTypes[ 0 ]; + } else { + + // Try convertible dataTypes + for ( type in responses ) { + if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[ 0 ] ] ) { + finalDataType = type; + break; + } + if ( !firstDataType ) { + firstDataType = type; + } + } + + // Or just use first one + finalDataType = finalDataType || firstDataType; + } + + // If we found a dataType + // We add the dataType to the list if needed + // and return the corresponding response + if ( finalDataType ) { + if ( finalDataType !== dataTypes[ 0 ] ) { + dataTypes.unshift( finalDataType ); + } + return responses[ finalDataType ]; + } +} + +/* Chain conversions given the request and the original response + * Also sets the responseXXX fields on the jqXHR instance + */ +function ajaxConvert( s, response, jqXHR, isSuccess ) { + var conv2, current, conv, tmp, prev, + converters = {}, + + // Work with a copy of dataTypes in case we need to modify it for conversion + dataTypes = s.dataTypes.slice(); + + // Create converters map with lowercased keys + if ( dataTypes[ 1 ] ) { + for ( conv in s.converters ) { + converters[ conv.toLowerCase() ] = s.converters[ conv ]; + } + } + + current = dataTypes.shift(); + + // Convert to each sequential dataType + while ( current ) { + + if ( s.responseFields[ current ] ) { + jqXHR[ s.responseFields[ current ] ] = response; + } + + // Apply the dataFilter if provided + if ( !prev && isSuccess && s.dataFilter ) { + response = s.dataFilter( response, s.dataType ); + } + + prev = current; + current = dataTypes.shift(); + + if ( current ) { + + // There's only work to do if current dataType is non-auto + if ( current === "*" ) { + + current = prev; + + // Convert response if prev dataType is non-auto and differs from current + } else if ( prev !== "*" && prev !== current ) { + + // Seek a direct converter + conv = converters[ prev + " " + current ] || converters[ "* " + current ]; + + // If none found, seek a pair + if ( !conv ) { + for ( conv2 in converters ) { + + // If conv2 outputs current + tmp = conv2.split( " " ); + if ( tmp[ 1 ] === current ) { + + // If prev can be converted to accepted input + conv = converters[ prev + " " + tmp[ 0 ] ] || + converters[ "* " + tmp[ 0 ] ]; + if ( conv ) { + + // Condense equivalence converters + if ( conv === true ) { + conv = converters[ conv2 ]; + + // Otherwise, insert the intermediate dataType + } else if ( converters[ conv2 ] !== true ) { + current = tmp[ 0 ]; + dataTypes.unshift( tmp[ 1 ] ); + } + break; + } + } + } + } + + // Apply converter (if not an equivalence) + if ( conv !== true ) { + + // Unless errors are allowed to bubble, catch and return them + if ( conv && s.throws ) { + response = conv( response ); + } else { + try { + response = conv( response ); + } catch ( e ) { + return { + state: "parsererror", + error: conv ? e : "No conversion from " + prev + " to " + current + }; + } + } + } + } + } + } + + return { state: "success", data: response }; +} + +jQuery.extend( { + + // Counter for holding the number of active queries + active: 0, + + // Last-Modified header cache for next request + lastModified: {}, + etag: {}, + + ajaxSettings: { + url: location.href, + type: "GET", + isLocal: rlocalProtocol.test( location.protocol ), + global: true, + processData: true, + async: true, + contentType: "application/x-www-form-urlencoded; charset=UTF-8", + + /* + timeout: 0, + data: null, + dataType: null, + username: null, + password: null, + cache: null, + throws: false, + traditional: false, + headers: {}, + */ + + accepts: { + "*": allTypes, + text: "text/plain", + html: "text/html", + xml: "application/xml, text/xml", + json: "application/json, text/javascript" + }, + + contents: { + xml: /\bxml\b/, + html: /\bhtml/, + json: /\bjson\b/ + }, + + responseFields: { + xml: "responseXML", + text: "responseText", + json: "responseJSON" + }, + + // Data converters + // Keys separate source (or catchall "*") and destination types with a single space + converters: { + + // Convert anything to text + "* text": String, + + // Text to html (true = no transformation) + "text html": true, + + // Evaluate text as a json expression + "text json": JSON.parse, + + // Parse text as xml + "text xml": jQuery.parseXML + }, + + // For options that shouldn't be deep extended: + // you can add your own custom options here if + // and when you create one that shouldn't be + // deep extended (see ajaxExtend) + flatOptions: { + url: true, + context: true + } + }, + + // Creates a full fledged settings object into target + // with both ajaxSettings and settings fields. + // If target is omitted, writes into ajaxSettings. + ajaxSetup: function( target, settings ) { + return settings ? + + // Building a settings object + ajaxExtend( ajaxExtend( target, jQuery.ajaxSettings ), settings ) : + + // Extending ajaxSettings + ajaxExtend( jQuery.ajaxSettings, target ); + }, + + ajaxPrefilter: addToPrefiltersOrTransports( prefilters ), + ajaxTransport: addToPrefiltersOrTransports( transports ), + + // Main method + ajax: function( url, options ) { + + // If url is an object, simulate pre-1.5 signature + if ( typeof url === "object" ) { + options = url; + url = undefined; + } + + // Force options to be an object + options = options || {}; + + var transport, + + // URL without anti-cache param + cacheURL, + + // Response headers + responseHeadersString, + responseHeaders, + + // timeout handle + timeoutTimer, + + // Url cleanup var + urlAnchor, + + // Request state (becomes false upon send and true upon completion) + completed, + + // To know if global events are to be dispatched + fireGlobals, + + // Loop variable + i, + + // uncached part of the url + uncached, + + // Create the final options object + s = jQuery.ajaxSetup( {}, options ), + + // Callbacks context + callbackContext = s.context || s, + + // Context for global events is callbackContext if it is a DOM node or jQuery collection + globalEventContext = s.context && + ( callbackContext.nodeType || callbackContext.jquery ) ? + jQuery( callbackContext ) : + jQuery.event, + + // Deferreds + deferred = jQuery.Deferred(), + completeDeferred = jQuery.Callbacks( "once memory" ), + + // Status-dependent callbacks + statusCode = s.statusCode || {}, + + // Headers (they are sent all at once) + requestHeaders = {}, + requestHeadersNames = {}, + + // Default abort message + strAbort = "canceled", + + // Fake xhr + jqXHR = { + readyState: 0, + + // Builds headers hashtable if needed + getResponseHeader: function( key ) { + var match; + if ( completed ) { + if ( !responseHeaders ) { + responseHeaders = {}; + while ( ( match = rheaders.exec( responseHeadersString ) ) ) { + responseHeaders[ match[ 1 ].toLowerCase() + " " ] = + ( responseHeaders[ match[ 1 ].toLowerCase() + " " ] || [] ) + .concat( match[ 2 ] ); + } + } + match = responseHeaders[ key.toLowerCase() + " " ]; + } + return match == null ? null : match.join( ", " ); + }, + + // Raw string + getAllResponseHeaders: function() { + return completed ? responseHeadersString : null; + }, + + // Caches the header + setRequestHeader: function( name, value ) { + if ( completed == null ) { + name = requestHeadersNames[ name.toLowerCase() ] = + requestHeadersNames[ name.toLowerCase() ] || name; + requestHeaders[ name ] = value; + } + return this; + }, + + // Overrides response content-type header + overrideMimeType: function( type ) { + if ( completed == null ) { + s.mimeType = type; + } + return this; + }, + + // Status-dependent callbacks + statusCode: function( map ) { + var code; + if ( map ) { + if ( completed ) { + + // Execute the appropriate callbacks + jqXHR.always( map[ jqXHR.status ] ); + } else { + + // Lazy-add the new callbacks in a way that preserves old ones + for ( code in map ) { + statusCode[ code ] = [ statusCode[ code ], map[ code ] ]; + } + } + } + return this; + }, + + // Cancel the request + abort: function( statusText ) { + var finalText = statusText || strAbort; + if ( transport ) { + transport.abort( finalText ); + } + done( 0, finalText ); + return this; + } + }; + + // Attach deferreds + deferred.promise( jqXHR ); + + // Add protocol if not provided (prefilters might expect it) + // Handle falsy url in the settings object (#10093: consistency with old signature) + // We also use the url parameter if available + s.url = ( ( url || s.url || location.href ) + "" ) + .replace( rprotocol, location.protocol + "//" ); + + // Alias method option to type as per ticket #12004 + s.type = options.method || options.type || s.method || s.type; + + // Extract dataTypes list + s.dataTypes = ( s.dataType || "*" ).toLowerCase().match( rnothtmlwhite ) || [ "" ]; + + // A cross-domain request is in order when the origin doesn't match the current origin. + if ( s.crossDomain == null ) { + urlAnchor = document.createElement( "a" ); + + // Support: IE <=8 - 11, Edge 12 - 15 + // IE throws exception on accessing the href property if url is malformed, + // e.g. http://example.com:80x/ + try { + urlAnchor.href = s.url; + + // Support: IE <=8 - 11 only + // Anchor's host property isn't correctly set when s.url is relative + urlAnchor.href = urlAnchor.href; + s.crossDomain = originAnchor.protocol + "//" + originAnchor.host !== + urlAnchor.protocol + "//" + urlAnchor.host; + } catch ( e ) { + + // If there is an error parsing the URL, assume it is crossDomain, + // it can be rejected by the transport if it is invalid + s.crossDomain = true; + } + } + + // Convert data if not already a string + if ( s.data && s.processData && typeof s.data !== "string" ) { + s.data = jQuery.param( s.data, s.traditional ); + } + + // Apply prefilters + inspectPrefiltersOrTransports( prefilters, s, options, jqXHR ); + + // If request was aborted inside a prefilter, stop there + if ( completed ) { + return jqXHR; + } + + // We can fire global events as of now if asked to + // Don't fire events if jQuery.event is undefined in an AMD-usage scenario (#15118) + fireGlobals = jQuery.event && s.global; + + // Watch for a new set of requests + if ( fireGlobals && jQuery.active++ === 0 ) { + jQuery.event.trigger( "ajaxStart" ); + } + + // Uppercase the type + s.type = s.type.toUpperCase(); + + // Determine if request has content + s.hasContent = !rnoContent.test( s.type ); + + // Save the URL in case we're toying with the If-Modified-Since + // and/or If-None-Match header later on + // Remove hash to simplify url manipulation + cacheURL = s.url.replace( rhash, "" ); + + // More options handling for requests with no content + if ( !s.hasContent ) { + + // Remember the hash so we can put it back + uncached = s.url.slice( cacheURL.length ); + + // If data is available and should be processed, append data to url + if ( s.data && ( s.processData || typeof s.data === "string" ) ) { + cacheURL += ( rquery.test( cacheURL ) ? "&" : "?" ) + s.data; + + // #9682: remove data so that it's not used in an eventual retry + delete s.data; + } + + // Add or update anti-cache param if needed + if ( s.cache === false ) { + cacheURL = cacheURL.replace( rantiCache, "$1" ); + uncached = ( rquery.test( cacheURL ) ? "&" : "?" ) + "_=" + ( nonce.guid++ ) + + uncached; + } + + // Put hash and anti-cache on the URL that will be requested (gh-1732) + s.url = cacheURL + uncached; + + // Change '%20' to '+' if this is encoded form body content (gh-2658) + } else if ( s.data && s.processData && + ( s.contentType || "" ).indexOf( "application/x-www-form-urlencoded" ) === 0 ) { + s.data = s.data.replace( r20, "+" ); + } + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + if ( jQuery.lastModified[ cacheURL ] ) { + jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ cacheURL ] ); + } + if ( jQuery.etag[ cacheURL ] ) { + jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ cacheURL ] ); + } + } + + // Set the correct header, if data is being sent + if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) { + jqXHR.setRequestHeader( "Content-Type", s.contentType ); + } + + // Set the Accepts header for the server, depending on the dataType + jqXHR.setRequestHeader( + "Accept", + s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[ 0 ] ] ? + s.accepts[ s.dataTypes[ 0 ] ] + + ( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) : + s.accepts[ "*" ] + ); + + // Check for headers option + for ( i in s.headers ) { + jqXHR.setRequestHeader( i, s.headers[ i ] ); + } + + // Allow custom headers/mimetypes and early abort + if ( s.beforeSend && + ( s.beforeSend.call( callbackContext, jqXHR, s ) === false || completed ) ) { + + // Abort if not done already and return + return jqXHR.abort(); + } + + // Aborting is no longer a cancellation + strAbort = "abort"; + + // Install callbacks on deferreds + completeDeferred.add( s.complete ); + jqXHR.done( s.success ); + jqXHR.fail( s.error ); + + // Get transport + transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR ); + + // If no transport, we auto-abort + if ( !transport ) { + done( -1, "No Transport" ); + } else { + jqXHR.readyState = 1; + + // Send global event + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] ); + } + + // If request was aborted inside ajaxSend, stop there + if ( completed ) { + return jqXHR; + } + + // Timeout + if ( s.async && s.timeout > 0 ) { + timeoutTimer = window.setTimeout( function() { + jqXHR.abort( "timeout" ); + }, s.timeout ); + } + + try { + completed = false; + transport.send( requestHeaders, done ); + } catch ( e ) { + + // Rethrow post-completion exceptions + if ( completed ) { + throw e; + } + + // Propagate others as results + done( -1, e ); + } + } + + // Callback for when everything is done + function done( status, nativeStatusText, responses, headers ) { + var isSuccess, success, error, response, modified, + statusText = nativeStatusText; + + // Ignore repeat invocations + if ( completed ) { + return; + } + + completed = true; + + // Clear timeout if it exists + if ( timeoutTimer ) { + window.clearTimeout( timeoutTimer ); + } + + // Dereference transport for early garbage collection + // (no matter how long the jqXHR object will be used) + transport = undefined; + + // Cache response headers + responseHeadersString = headers || ""; + + // Set readyState + jqXHR.readyState = status > 0 ? 4 : 0; + + // Determine if successful + isSuccess = status >= 200 && status < 300 || status === 304; + + // Get response data + if ( responses ) { + response = ajaxHandleResponses( s, jqXHR, responses ); + } + + // Use a noop converter for missing script + if ( !isSuccess && jQuery.inArray( "script", s.dataTypes ) > -1 ) { + s.converters[ "text script" ] = function() {}; + } + + // Convert no matter what (that way responseXXX fields are always set) + response = ajaxConvert( s, response, jqXHR, isSuccess ); + + // If successful, handle type chaining + if ( isSuccess ) { + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + modified = jqXHR.getResponseHeader( "Last-Modified" ); + if ( modified ) { + jQuery.lastModified[ cacheURL ] = modified; + } + modified = jqXHR.getResponseHeader( "etag" ); + if ( modified ) { + jQuery.etag[ cacheURL ] = modified; + } + } + + // if no content + if ( status === 204 || s.type === "HEAD" ) { + statusText = "nocontent"; + + // if not modified + } else if ( status === 304 ) { + statusText = "notmodified"; + + // If we have data, let's convert it + } else { + statusText = response.state; + success = response.data; + error = response.error; + isSuccess = !error; + } + } else { + + // Extract error from statusText and normalize for non-aborts + error = statusText; + if ( status || !statusText ) { + statusText = "error"; + if ( status < 0 ) { + status = 0; + } + } + } + + // Set data for the fake xhr object + jqXHR.status = status; + jqXHR.statusText = ( nativeStatusText || statusText ) + ""; + + // Success/Error + if ( isSuccess ) { + deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] ); + } else { + deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] ); + } + + // Status-dependent callbacks + jqXHR.statusCode( statusCode ); + statusCode = undefined; + + if ( fireGlobals ) { + globalEventContext.trigger( isSuccess ? "ajaxSuccess" : "ajaxError", + [ jqXHR, s, isSuccess ? success : error ] ); + } + + // Complete + completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] ); + + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] ); + + // Handle the global AJAX counter + if ( !( --jQuery.active ) ) { + jQuery.event.trigger( "ajaxStop" ); + } + } + } + + return jqXHR; + }, + + getJSON: function( url, data, callback ) { + return jQuery.get( url, data, callback, "json" ); + }, + + getScript: function( url, callback ) { + return jQuery.get( url, undefined, callback, "script" ); + } +} ); + +jQuery.each( [ "get", "post" ], function( _i, method ) { + jQuery[ method ] = function( url, data, callback, type ) { + + // Shift arguments if data argument was omitted + if ( isFunction( data ) ) { + type = type || callback; + callback = data; + data = undefined; + } + + // The url can be an options object (which then must have .url) + return jQuery.ajax( jQuery.extend( { + url: url, + type: method, + dataType: type, + data: data, + success: callback + }, jQuery.isPlainObject( url ) && url ) ); + }; +} ); + +jQuery.ajaxPrefilter( function( s ) { + var i; + for ( i in s.headers ) { + if ( i.toLowerCase() === "content-type" ) { + s.contentType = s.headers[ i ] || ""; + } + } +} ); + + +jQuery._evalUrl = function( url, options, doc ) { + return jQuery.ajax( { + url: url, + + // Make this explicit, since user can override this through ajaxSetup (#11264) + type: "GET", + dataType: "script", + cache: true, + async: false, + global: false, + + // Only evaluate the response if it is successful (gh-4126) + // dataFilter is not invoked for failure responses, so using it instead + // of the default converter is kludgy but it works. + converters: { + "text script": function() {} + }, + dataFilter: function( response ) { + jQuery.globalEval( response, options, doc ); + } + } ); +}; + + +jQuery.fn.extend( { + wrapAll: function( html ) { + var wrap; + + if ( this[ 0 ] ) { + if ( isFunction( html ) ) { + html = html.call( this[ 0 ] ); + } + + // The elements to wrap the target around + wrap = jQuery( html, this[ 0 ].ownerDocument ).eq( 0 ).clone( true ); + + if ( this[ 0 ].parentNode ) { + wrap.insertBefore( this[ 0 ] ); + } + + wrap.map( function() { + var elem = this; + + while ( elem.firstElementChild ) { + elem = elem.firstElementChild; + } + + return elem; + } ).append( this ); + } + + return this; + }, + + wrapInner: function( html ) { + if ( isFunction( html ) ) { + return this.each( function( i ) { + jQuery( this ).wrapInner( html.call( this, i ) ); + } ); + } + + return this.each( function() { + var self = jQuery( this ), + contents = self.contents(); + + if ( contents.length ) { + contents.wrapAll( html ); + + } else { + self.append( html ); + } + } ); + }, + + wrap: function( html ) { + var htmlIsFunction = isFunction( html ); + + return this.each( function( i ) { + jQuery( this ).wrapAll( htmlIsFunction ? html.call( this, i ) : html ); + } ); + }, + + unwrap: function( selector ) { + this.parent( selector ).not( "body" ).each( function() { + jQuery( this ).replaceWith( this.childNodes ); + } ); + return this; + } +} ); + + +jQuery.expr.pseudos.hidden = function( elem ) { + return !jQuery.expr.pseudos.visible( elem ); +}; +jQuery.expr.pseudos.visible = function( elem ) { + return !!( elem.offsetWidth || elem.offsetHeight || elem.getClientRects().length ); +}; + + + + +jQuery.ajaxSettings.xhr = function() { + try { + return new window.XMLHttpRequest(); + } catch ( e ) {} +}; + +var xhrSuccessStatus = { + + // File protocol always yields status code 0, assume 200 + 0: 200, + + // Support: IE <=9 only + // #1450: sometimes IE returns 1223 when it should be 204 + 1223: 204 + }, + xhrSupported = jQuery.ajaxSettings.xhr(); + +support.cors = !!xhrSupported && ( "withCredentials" in xhrSupported ); +support.ajax = xhrSupported = !!xhrSupported; + +jQuery.ajaxTransport( function( options ) { + var callback, errorCallback; + + // Cross domain only allowed if supported through XMLHttpRequest + if ( support.cors || xhrSupported && !options.crossDomain ) { + return { + send: function( headers, complete ) { + var i, + xhr = options.xhr(); + + xhr.open( + options.type, + options.url, + options.async, + options.username, + options.password + ); + + // Apply custom fields if provided + if ( options.xhrFields ) { + for ( i in options.xhrFields ) { + xhr[ i ] = options.xhrFields[ i ]; + } + } + + // Override mime type if needed + if ( options.mimeType && xhr.overrideMimeType ) { + xhr.overrideMimeType( options.mimeType ); + } + + // X-Requested-With header + // For cross-domain requests, seeing as conditions for a preflight are + // akin to a jigsaw puzzle, we simply never set it to be sure. + // (it can always be set on a per-request basis or even using ajaxSetup) + // For same-domain requests, won't change header if already provided. + if ( !options.crossDomain && !headers[ "X-Requested-With" ] ) { + headers[ "X-Requested-With" ] = "XMLHttpRequest"; + } + + // Set headers + for ( i in headers ) { + xhr.setRequestHeader( i, headers[ i ] ); + } + + // Callback + callback = function( type ) { + return function() { + if ( callback ) { + callback = errorCallback = xhr.onload = + xhr.onerror = xhr.onabort = xhr.ontimeout = + xhr.onreadystatechange = null; + + if ( type === "abort" ) { + xhr.abort(); + } else if ( type === "error" ) { + + // Support: IE <=9 only + // On a manual native abort, IE9 throws + // errors on any property access that is not readyState + if ( typeof xhr.status !== "number" ) { + complete( 0, "error" ); + } else { + complete( + + // File: protocol always yields status 0; see #8605, #14207 + xhr.status, + xhr.statusText + ); + } + } else { + complete( + xhrSuccessStatus[ xhr.status ] || xhr.status, + xhr.statusText, + + // Support: IE <=9 only + // IE9 has no XHR2 but throws on binary (trac-11426) + // For XHR2 non-text, let the caller handle it (gh-2498) + ( xhr.responseType || "text" ) !== "text" || + typeof xhr.responseText !== "string" ? + { binary: xhr.response } : + { text: xhr.responseText }, + xhr.getAllResponseHeaders() + ); + } + } + }; + }; + + // Listen to events + xhr.onload = callback(); + errorCallback = xhr.onerror = xhr.ontimeout = callback( "error" ); + + // Support: IE 9 only + // Use onreadystatechange to replace onabort + // to handle uncaught aborts + if ( xhr.onabort !== undefined ) { + xhr.onabort = errorCallback; + } else { + xhr.onreadystatechange = function() { + + // Check readyState before timeout as it changes + if ( xhr.readyState === 4 ) { + + // Allow onerror to be called first, + // but that will not handle a native abort + // Also, save errorCallback to a variable + // as xhr.onerror cannot be accessed + window.setTimeout( function() { + if ( callback ) { + errorCallback(); + } + } ); + } + }; + } + + // Create the abort callback + callback = callback( "abort" ); + + try { + + // Do send the request (this may raise an exception) + xhr.send( options.hasContent && options.data || null ); + } catch ( e ) { + + // #14683: Only rethrow if this hasn't been notified as an error yet + if ( callback ) { + throw e; + } + } + }, + + abort: function() { + if ( callback ) { + callback(); + } + } + }; + } +} ); + + + + +// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432) +jQuery.ajaxPrefilter( function( s ) { + if ( s.crossDomain ) { + s.contents.script = false; + } +} ); + +// Install script dataType +jQuery.ajaxSetup( { + accepts: { + script: "text/javascript, application/javascript, " + + "application/ecmascript, application/x-ecmascript" + }, + contents: { + script: /\b(?:java|ecma)script\b/ + }, + converters: { + "text script": function( text ) { + jQuery.globalEval( text ); + return text; + } + } +} ); + +// Handle cache's special case and crossDomain +jQuery.ajaxPrefilter( "script", function( s ) { + if ( s.cache === undefined ) { + s.cache = false; + } + if ( s.crossDomain ) { + s.type = "GET"; + } +} ); + +// Bind script tag hack transport +jQuery.ajaxTransport( "script", function( s ) { + + // This transport only deals with cross domain or forced-by-attrs requests + if ( s.crossDomain || s.scriptAttrs ) { + var script, callback; + return { + send: function( _, complete ) { + script = jQuery( " + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.buildah – Interact with an existing buildah container¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.buildah.

+
+ +
+

Synopsis¶

+
    +
  • Run commands or put/fetch files to an existing container using buildah tool.

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsConfigurationComments
+
+ remote_addr + +
+ string +
+
+ Default:
"inventory_hostname"
+
+
+ var: ansible_host +
+
+
The ID of the container you want to access.
+
+
+ remote_user + +
+ string +
+
+ +
ini entries: +

+ [defaults]
remote_user = None +

+
+
+ env:ANSIBLE_REMOTE_USER +
+
+ var: ansible_user +
+
+
User specified via name or ID which is used to execute commands inside the container.
+
+
+

Authors¶

+
    +
  • Tomas Tomecek (@TomasTomecek)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/genindex.html b/ansible_collections/containers/podman/docs/genindex.html new file mode 100644 index 000000000..93bf0742d --- /dev/null +++ b/ansible_collections/containers/podman/docs/genindex.html @@ -0,0 +1,102 @@ + + + + + + + + Index — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ + +

Index

+ +
+ +
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/index.html b/ansible_collections/containers/podman/docs/index.html new file mode 100644 index 000000000..8ded11c9a --- /dev/null +++ b/ansible_collections/containers/podman/docs/index.html @@ -0,0 +1,153 @@ + + + + + + + + Containers.Podman — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

Containers.Podman¶

+

Collection version 1.10.1

+
+
+
+

Plugin Index¶

+

These are the plugins in the containers.podman collection

+
+

Become Plugins¶

+ +
+
+

Connection Plugins¶

+
    +
  • buildah – Interact with an existing buildah container

  • +
  • podman – Interact with an existing podman container

  • +
+
+
+

Modules¶

+ +
+

See also

+

List of collections with docs hosted here.

+
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/objects.inv b/ansible_collections/containers/podman/docs/objects.inv new file mode 100644 index 000000000..9f05c4b6e Binary files /dev/null and b/ansible_collections/containers/podman/docs/objects.inv differ diff --git a/ansible_collections/containers/podman/docs/podman_connection.html b/ansible_collections/containers/podman/docs/podman_connection.html new file mode 100644 index 000000000..8b58713f4 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_connection.html @@ -0,0 +1,245 @@ + + + + + + + + containers.podman.podman – Interact with an existing podman container — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman – Interact with an existing podman container¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman.

+
+ +
+

Synopsis¶

+
    +
  • Run commands or put/fetch files to an existing container using podman tool.

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsConfigurationComments
+
+ podman_executable + +
+ string +
+
+ Default:
"podman"
+
+
+ env:ANSIBLE_PODMAN_EXECUTABLE +
+
+ var: ansible_podman_executable +
+
+
Executable for podman command.
+
+
+ podman_extra_args + +
+ string +
+
+ Default:
""
+
+
ini entries: +

+ [defaults]
podman_extra_args = +

+
+
+ env:ANSIBLE_PODMAN_EXTRA_ARGS +
+
+ var: ansible_podman_extra_args +
+
+
Extra arguments to pass to the podman command line.
+
+
+ remote_addr + +
+ string +
+
+ Default:
"inventory_hostname"
+
+
+ var: ansible_host +
+
+ var: inventory_hostname +
+
+ var: ansible_podman_host +
+
+
The ID of the container you want to access.
+
+
+ remote_user + +
+ string +
+
+ +
ini entries: +

+ [defaults]
remote_user = None +

+
+
+ env:ANSIBLE_REMOTE_USER +
+
+ var: ansible_user +
+
+
User specified via name or UID which is used to execute commands inside the container. If you specify the user via UID, you must set ANSIBLE_REMOTE_TMP to a path that exits inside the container and is writable by Ansible.
+
+
+

Authors¶

+
    +
  • Tomas Tomecek (@TomasTomecek)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_container_info_module.html b/ansible_collections/containers/podman/docs/podman_container_info_module.html new file mode 100644 index 000000000..806352e28 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_container_info_module.html @@ -0,0 +1,233 @@ + + + + + + + + containers.podman.podman_container_info – Gather facts about containers using podman — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_container_info – Gather facts about containers using podman¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_container_info.

+
+ +
+

Synopsis¶

+
    +
  • Gather facts about containers using podman

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ name + +
+ list + / elements=string
+
+ +
List of container names to gather facts about. If no name is given return facts about all containers.
+
+
+
+

Notes¶

+
+

Note

+
    +
  • Podman may require elevated privileges in order to run properly.

  • +
+
+
+
+

Examples¶

+
- name: Gather facts for all containers
+  containers.podman.podman_container_info:
+
+- name: Gather facts on a specific container
+  containers.podman.podman_container_info:
+    name: web1
+
+- name: Gather facts on several containers
+  containers.podman.podman_container_info:
+    name:
+      - redis
+      - web1
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ containers + +
+ list + / elements=dictionary
+
always +
Facts from all or specificed containers
+
+
Sample:
+
[{'AppArmorProfile': '', 'Args': ['--single-child', '--', 'kolla_start'], 'BoundingCaps': ['CAP_CHOWN', 'CAP_DAC_OVERRIDE', 'CAP_FSETID', 'CAP_FOWNER', 'CAP_MKNOD', 'CAP_NET_RAW', 'CAP_SETGID', 'CAP_SETUID', 'CAP_SETFCAP', 'CAP_SETPCAP', 'CAP_NET_BIND_SERVICE', 'CAP_SYS_CHROOT', 'CAP_KILL', 'CAP_AUDIT_WRITE'], 'Config': {'Annotations': {'io.kubernetes.cri-o.ContainerType': 'sandbox', 'io.kubernetes.cri-o.TTY': 'false', 'io.podman.annotations.autoremove': 'FALSE', 'io.podman.annotations.init': 'FALSE', 'io.podman.annotations.privileged': 'FALSE', 'io.podman.annotations.publish-all': 'FALSE'}, 'AttachStderr': False, 'AttachStdin': False, 'AttachStdout': False, 'Cmd': ['kolla_start'], 'Domainname': '', 'Entrypoint': 'dumb-init --single-child --', 'Env': ['PATH=/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 'TERM=xterm', 'HOSTNAME=', 'container=oci', 'KOLLA_INSTALL_METATYPE=rdo', 'KOLLA_BASE_DISTRO=centos', 'KOLLA_INSTALL_TYPE=binary', 'KOLLA_DISTRO_PYTHON_VERSION=2.7', 'KOLLA_BASE_ARCH=x86_64'], 'Hostname': 'c5c39e813703', 'Image': 'docker.io/tripleomaster/centos-haproxy:latest', 'Labels': {'build-date': '20190919', 'kolla_version': '8.1.0', 'name': 'haproxy', 'org.label-schema.build-date': '20190801', 'org.label-schema.license': 'GPLv2', 'org.label-schema.name': 'CentOS Base Image', 'org.label-schema.schema-version': '1.0', 'org.label-schema.vendor': 'CentOS'}, 'OnBuild': None, 'OpenStdin': False, 'StdinOnce': False, 'StopSignal': 15, 'Tty': False, 'User': '', 'Volumes': None, 'WorkingDir': '/'}, 'Created': '2019-10-01T12:51:00.233106443Z', 'Dependencies': [], 'Driver': 'overlay', 'EffectiveCaps': ['CAP_CHOWN', 'CAP_DAC_OVERRIDE', 'CAP_FSETID', 'CAP_FOWNER', 'CAP_MKNOD', 'CAP_NET_RAW', 'CAP_SETGID', 'CAP_SETUID', 'CAP_SETFCAP', 'CAP_SETPCAP', 'CAP_NET_BIND_SERVICE', 'CAP_SYS_CHROOT', 'CAP_KILL', 'CAP_AUDIT_WRITE'], 'ExecIDs': [], 'ExitCommand': ['/usr/bin/podman', '--root', '/var/lib/containers/storage', '--runroot', '/var/run/containers/storage', '--log-level', 'error', '--cgroup-manager', 'systemd', '--tmpdir', '/var/run/libpod', '--runtime', 'runc', '--storage-driver', 'overlay', '--events-backend', 'journald', 'container', 'cleanup', 'c9e813703f9b80a6ea2ad665aa9946435934e478a0c5322da835f3883872f'], 'GraphDriver': {'Name': 'overlay'}, 'HostConfig': {'AutoRemove': False, 'Binds': [], 'BlkioDeviceReadBps': None, 'BlkioDeviceReadIOps': None, 'BlkioDeviceWriteBps': None, 'BlkioDeviceWriteIOps': None, 'BlkioWeight': 0, 'BlkioWeightDevice': None, 'CapAdd': [], 'CapDrop': [], 'Cgroup': '', 'CgroupParent': '', 'ConsoleSize': [0, 0], 'ContainerIDFile': '', 'CpuCount': 0, 'CpuPercent': 0, 'CpuPeriod': 0, 'CpuQuota': 0, 'CpuRealtimePeriod': 0, 'CpuRealtimeRuntime': 0, 'CpuShares': 0, 'CpusetCpus': '', 'CpusetMems': '', 'Devices': [], 'DiskQuota': 0, 'Dns': [], 'DnsOptions': [], 'DnsSearch': [], 'ExtraHosts': [], 'GroupAdd': [], 'IOMaximumBandwidth': 0, 'IOMaximumIOps': 0, 'IpcMode': '', 'Isolation': '', 'KernelMemory': 0, 'Links': None, 'LogConfig': {'Config': None, 'Type': 'k8s-file'}, 'Memory': 0, 'MemoryReservation': 0, 'MemorySwap': 0, 'MemorySwappiness': -1, 'NanoCpus': 0, 'NetworkMode': 'default', 'OomKillDisable': False, 'OomScoreAdj': 0, 'PidMode': '', 'PidsLimit': 0, 'PortBindings': {}, 'Privileged': False, 'PublishAllPorts': False, 'ReadonlyRootfs': False, 'RestartPolicy': {'MaximumRetryCount': 0, 'Name': ''}, 'Runtime': 'oci', 'SecurityOpt': [], 'ShmSize': 65536000, 'Tmpfs': {}, 'UTSMode': '', 'Ulimits': [{'Hard': 1048576, 'Name': 'RLIMIT_NOFILE', 'Soft': 1048576}, {'Hard': 1048576, 'Name': 'RLIMIT_NPROC', 'Soft': 1048576}], 'UsernsMode': '', 'VolumeDriver': '', 'VolumesFrom': None}, 'HostnamePath': '', 'HostsPath': '', 'Id': 'c5c39f9b80a6ea2ad665aa9946435934e478a0c5322da835f3883872f', 'Image': '0e267acda67d0ebd643e900d820a91b961d859743039e620191ca1', 'ImageName': 'docker.io/tripleomaster/centos-haproxy:latest', 'IsInfra': False, 'MountLabel': 'system_u:object_r:svirt_sandbox_file_t:s0:c78,c866', 'Mounts': [], 'Name': 'haproxy', 'Namespace': '', 'NetworkSettings': {'Bridge': '', 'EndpointID': '', 'Gateway': '', 'GlobalIPv6Address': '', 'GlobalIPv6PrefixLen': 0, 'HairpinMode': False, 'IPAddress': '', 'IPPrefixLen': 0, 'IPv6Gateway': '', 'LinkLocalIPv6Address': '', 'LinkLocalIPv6PrefixLen': 0, 'MacAddress': '', 'Ports': [], 'SandboxID': '', 'SandboxKey': '', 'SecondaryIPAddresses': None, 'SecondaryIPv6Addresses': None}, 'OCIRuntime': 'runc', 'Path': 'dumb-init', 'Pod': '', 'ProcessLabel': 'system_u:system_r:svirt_lxc_net_t:s0:c785,c866', 'ResolvConfPath': '', 'RestartCount': 0, 'Rootfs': '', 'State': {'Dead': False, 'Error': '', 'ExitCode': 0, 'FinishedAt': '0001-01-01T00:00:00Z', 'Healthcheck': {'FailingStreak': 0, 'Log': None, 'Status': ''}, 'OOMKilled': False, 'OciVersion': '1.0.1-dev', 'Paused': False, 'Pid': 0, 'Restarting': False, 'Running': False, 'StartedAt': '0001-01-01T00:00:00Z', 'Status': 'configured'}}]
+
+

+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
  • Emilien Macchi (@EmilienM)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_container_module.html b/ansible_collections/containers/podman/docs/podman_container_module.html new file mode 100644 index 000000000..71d65355f --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_container_module.html @@ -0,0 +1,2319 @@ + + + + + + + + containers.podman.podman_container – Manage podman containers — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_container – Manage podman containers¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_container.

+
+
+

New in version 1.0.0: of containers.podman

+
+ +
+

Synopsis¶

+
    +
  • Start, stop, restart and manage Podman containers

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • podman

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ annotation + +
+ dictionary +
+
+ +
Add an annotation to the container. The format is key value, multiple times.
+
+
+ authfile + +
+ path +
+
+ +
Path of the authentication file. Default is ``${XDG_RUNTIME_DIR}/containers/auth.json`` (Not available for remote commands) You can also override the default path of the authentication file by setting the ``REGISTRY_AUTH_FILE`` environment variable. ``export REGISTRY_AUTH_FILE=path``
+
+
+ blkio_weight + +
+ integer +
+
+ +
Block IO weight (relative weight) accepts a weight value between 10 and 1000
+
+
+ blkio_weight_device + +
+ dictionary +
+
+ +
Block IO weight (relative device weight, format DEVICE_NAME[:]WEIGHT).
+
+
+ cap_add + +
+ list + / elements=string
+
+ +
List of capabilities to add to the container.
+

aliases: capabilities
+
+
+ cap_drop + +
+ list + / elements=string
+
+ +
List of capabilities to drop from the container.
+
+
+ cgroup_parent + +
+ path +
+
+ +
Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
+
+
+ cgroupns + +
+ string +
+
+ +
Path to cgroups under which the cgroup for the container will be created.
+
+
+ cgroups + +
+ string +
+
+ +
Determines whether the container will create CGroups. Valid values are enabled and disabled, which the default being enabled. The disabled option will force the container to not create CGroups, and thus conflicts with CGroup options cgroupns and cgroup-parent.
+
+
+ cidfile + +
+ path +
+
+ +
Write the container ID to the file
+
+
+ cmd_args + +
+ list + / elements=string
+
+ +
Any additional command options you want to pass to podman command, cmd_args - ['--other-param', 'value'] Be aware module doesn't support idempotency if this is set.
+
+
+ command + +
+ raw +
+
+ +
Override command of container. Can be a string or a list.
+
+
+ conmon_pidfile + +
+ path +
+
+ +
Write the pid of the conmon process to a file. conmon runs in a separate process than Podman, so this is necessary when using systemd to restart Podman containers.
+
+
+ cpu_period + +
+ integer +
+
+ +
Limit the CPU real-time period in microseconds
+
+
+ cpu_rt_period + +
+ integer +
+
+ +
Limit the CPU real-time period in microseconds. Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify.
+
+
+ cpu_rt_runtime + +
+ integer +
+
+ +
Limit the CPU real-time runtime in microseconds. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume.
+
+
+ cpu_shares + +
+ integer +
+
+ +
CPU shares (relative weight)
+
+
+ cpus + +
+ string +
+
+ +
Number of CPUs. The default is 0.0 which means no limit.
+
+
+ cpuset_cpus + +
+ string +
+
+ +
CPUs in which to allow execution (0-3, 0,1)
+
+
+ cpuset_mems + +
+ string +
+
+ +
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
+
+
+ debug + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Return additional information which can be helpful for investigations.
+
+
+ detach + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Run container in detach mode
+
+
+ detach_keys + +
+ string +
+
+ +
Override the key sequence for detaching a container. Format is a single character or ctrl-value
+
+
+ device + +
+ list + / elements=string
+
+ +
Add a host device to the container. The format is <device-on-host>[:<device-on-container>][:<permissions>] (e.g. device /dev/sdc:/dev/xvdc:rwm)
+
+
+ device_read_bps + +
+ list + / elements=string
+
+ +
Limit read rate (bytes per second) from a device (e.g. device-read-bps /dev/sda:1mb)
+
+
+ device_read_iops + +
+ list + / elements=string
+
+ +
Limit read rate (IO per second) from a device (e.g. device-read-iops /dev/sda:1000)
+
+
+ device_write_bps + +
+ list + / elements=string
+
+ +
Limit write rate (bytes per second) to a device (e.g. device-write-bps /dev/sda:1mb)
+
+
+ device_write_iops + +
+ list + / elements=string
+
+ +
Limit write rate (IO per second) to a device (e.g. device-write-iops /dev/sda:1000)
+
+
+ dns + +
+ list + / elements=string
+
+ +
Set custom DNS servers
+

aliases: dns_servers
+
+
+ dns_option + +
+ string +
+
+ +
Set custom DNS options
+

aliases: dns_opts
+
+ + dns_search + +
+ string +
+
+ +
Set custom DNS search domains (Use dns_search with '' if you don't wish to set the search domain)
+

aliases: dns_search_domains
+
+
+ entrypoint + +
+ string +
+
+ +
Overwrite the default ENTRYPOINT of the image
+
+
+ env + +
+ dictionary +
+
+ +
Set environment variables. This option allows you to specify arbitrary environment variables that are available for the process that will be launched inside of the container.
+
+
+ env_file + +
+ path +
+
+ +
Read in a line delimited file of environment variables. Doesn't support idempotency. If users changes the file with environment variables it's on them to recreate the container.
+
+
+ env_host + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Use all current host environment variables in container. Defaults to false.
+
+
+ etc_hosts + +
+ dictionary +
+
+ +
Dict of host-to-IP mappings, where each host name is a key in the dictionary. Each host name will be added to the container's ``/etc/hosts`` file.
+

aliases: add_hosts
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ expose + +
+ list + / elements=string
+
+ +
Expose a port, or a range of ports (e.g. expose "3300-3310") to set up port redirection on the host system.
+

aliases: exposed, exposed_ports
+
+
+ force_restart + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Force restart of container.
+

aliases: restart
+
+
+ generate_systemd + +
+ dictionary +
+
+ Default:
{}
+
+
Generate systemd unit file for container.
+
+
+ after + +
+ list + / elements=string
+
+ +
Add the systemd unit after (After=) option, that ordering dependencies between the list of dependencies and this service.
+
+
+ container_prefix + +
+ string +
+
+ +
Set the systemd unit name prefix for containers. The default is "container".
+
+
+ names + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Use names of the containers for the start, stop, and description in the unit file. Default is true.
+
+
+ new + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Create containers and pods when the unit is started instead of expecting them to exist. The default is "false". Refer to podman-generate-systemd(1) for more information.
+
+
+ no_header + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Do not generate the header including meta data such as the Podman version and the timestamp. From podman version 3.1.0.
+
+
+ path + +
+ string +
+
+ +
Specify a path to the directory where unit files will be generated. Required for this option. If it doesn't exist, the directory will be created.
+
+
+ pod_prefix + +
+ string +
+
+ +
Set the systemd unit name prefix for pods. The default is "pod".
+
+
+ requires + +
+ list + / elements=string
+
+ +
Set the systemd unit requires (Requires=) option. Similar to wants, but declares a stronger requirement dependency.
+
+
+ restart_policy + +
+ string +
+
+
    Choices: +
  • no
  • +
  • on-success
  • +
  • on-failure
  • +
  • on-abnormal
  • +
  • on-watchdog
  • +
  • on-abort
  • +
  • always
  • +
+
+
Specify a restart policy for the service. The restart-policy must be one of "no", "on-success", "on-failure", "on-abnormal", "on-watchdog", "on-abort", or "always". The default policy is "on-failure".
+
+
+ separator + +
+ string +
+
+ +
Set the systemd unit name separator between the name/id of a container/pod and the prefix. The default is "-" (dash).
+
+
+ time + +
+ integer +
+
+ +
Override the default stop timeout for the container with the given value.
+
+
+ wants + +
+ list + / elements=string
+
+ +
Add the systemd unit wants (Wants=) option, that this service is (weak) dependent on.
+
+
+ gidmap + +
+ list + / elements=string
+
+ +
Run the container in a new user namespace using the supplied mapping.
+
+
+ group_add + +
+ list + / elements=string
+
+ +
Add additional groups to run as
+

aliases: groups
+
+
+ healthcheck + +
+ string +
+
+ +
Set or alter a healthcheck command for a container.
+
+
+ healthcheck_interval + +
+ string +
+
+ +
Set an interval for the healthchecks (a value of disable results in no automatic timer setup) (default "30s")
+
+
+ healthcheck_retries + +
+ integer +
+
+ +
The number of retries allowed before a healthcheck is considered to be unhealthy. The default value is 3.
+
+
+ healthcheck_start_period + +
+ string +
+
+ +
The initialization time needed for a container to bootstrap. The value can be expressed in time format like 2m3s. The default value is 0s
+
+
+ healthcheck_timeout + +
+ string +
+
+ +
The maximum time allowed to complete the healthcheck before an interval is considered failed. Like start-period, the value can be expressed in a time format such as 1m22s. The default value is 30s
+
+
+ hostname + +
+ string +
+
+ +
Container host name. Sets the container host name that is available inside the container.
+
+
+ http_proxy + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
By default proxy environment variables are passed into the container if set for the podman process. This can be disabled by setting the http_proxy option to false. The environment variables passed in include http_proxy, https_proxy, ftp_proxy, no_proxy, and also the upper case versions of those. Defaults to true
+
+
+ image + +
+ string +
+
+ +
Repository path (or image name) and tag used to create the container. If an image is not found, the image will be pulled from the registry. If no tag is included, latest will be used.
+
Can also be an image ID. If this is the case, the image is assumed to be available locally.
+
+
+ image_strict + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Whether to compare images in idempotency by taking into account a full name with registry and namespaces.
+
+
+ image_volume + +
+ string +
+
+
    Choices: +
  • bind
  • +
  • tmpfs
  • +
  • ignore
  • +
+
+
Tells podman how to handle the builtin image volumes. The options are bind, tmpfs, or ignore (default bind)
+
+
+ init + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Run an init inside the container that forwards signals and reaps processes. The default is false.
+
+
+ init_path + +
+ string +
+
+ +
Path to the container-init binary.
+
+
+ interactive + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Keep STDIN open even if not attached. The default is false. When set to true, keep stdin open even if not attached. The default is false.
+
+
+ ip + +
+ string +
+
+ +
Specify a static IP address for the container, for example '10.88.64.128'. Can only be used if no additional CNI networks to join were specified via 'network:', and if the container is not joining another container's network namespace via 'network container:<name|id>'. The address must be within the default CNI network's pool (default 10.88.0.0/16).
+
+
+ ipc + +
+ string +
+
+ +
Default is to create a private IPC namespace (POSIX SysV IPC) for the container
+

aliases: ipc_mode
+
+
+ kernel_memory + +
+ string +
+
+ +
Kernel memory limit (format <number>[<unit>], where unit = b, k, m or g) Note - idempotency is supported for integers only.
+
+
+ label + +
+ dictionary +
+
+ +
Add metadata to a container, pass dictionary of label names and values
+

aliases: labels
+
+
+ label_file + +
+ string +
+
+ +
Read in a line delimited file of labels
+
+
+ log_driver + +
+ string +
+
+
    Choices: +
  • k8s-file
  • +
  • journald
  • +
  • json-file
  • +
+
+
Logging driver. Used to set the log driver for the container. For example log_driver "k8s-file".
+
+
+ log_level + +
+ string +
+
+
    Choices: +
  • debug
  • +
  • info
  • +
  • warn
  • +
  • error
  • +
  • fatal
  • +
  • panic
  • +
+
+
Logging level for Podman. Log messages above specified level ("debug"|"info"|"warn"|"error"|"fatal"|"panic") (default "error")
+
+
+ log_opt + +
+ dictionary +
+
+ +
Logging driver specific options. Used to set the path to the container log file.
+

aliases: log_options
+
+
+ max_size + +
+ string +
+
+ +
Specify a max size of the log file (e.g 10mb).
+
+
+ path + +
+ string +
+
+ +
Specify a path to the log file (e.g. /var/log/container/mycontainer.json).
+
+
+ tag + +
+ string +
+
+ +
Specify a custom log tag for the container.
+
+
+ mac_address + +
+ string +
+
+ +
Specify a MAC address for the container, for example '92:d0:c6:0a:29:33'. Don't forget that it must be unique within one Ethernet network.
+
+
+ memory + +
+ string +
+
+ +
Memory limit (format 10k, where unit = b, k, m or g) Note - idempotency is supported for integers only.
+
+
+ memory_reservation + +
+ string +
+
+ +
Memory soft limit (format 100m, where unit = b, k, m or g) Note - idempotency is supported for integers only.
+
+
+ memory_swap + +
+ string +
+
+ +
A limit value equal to memory plus swap. Must be used with the -m (--memory) flag. The swap LIMIT should always be larger than -m (--memory) value. By default, the swap LIMIT will be set to double the value of --memory Note - idempotency is supported for integers only.
+
+
+ memory_swappiness + +
+ integer +
+
+ +
Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+
+
+ mount + +
+ list + / elements=string
+
+ +
Attach a filesystem mount to the container. bind or tmpfs For example mount "type=bind,source=/path/on/host,destination=/path/in/container"
+

aliases: mounts
+
+
+ name + +
+ string + / required
+
+ +
Name of the container
+
+
+ network + +
+ list + / elements=string
+
+ +
Set the Network mode for the container * bridge create a network stack on the default bridge * none no networking * container:<name|id> reuse another container's network stack * host use the podman host network stack. * <network-name>|<network-id> connect to a user-defined network * ns:<path> path to a network namespace to join * slirp4netns use slirp4netns to create a user network stack. This is the default for rootless containers
+

aliases: net, network_mode
+
+
+ network_aliases + +
+ list + / elements=string
+
+ +
Add network-scoped alias for the container. A container will only have access to aliases on the first network that it joins. This is a limitation that will be removed in a later release.
+
+
+ no_hosts + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Do not create /etc/hosts for the container Default is false.
+
+
+ oom_kill_disable + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Whether to disable OOM Killer for the container or not. Default is false.
+
+
+ oom_score_adj + +
+ integer +
+
+ +
Tune the host's OOM preferences for containers (accepts -1000 to 1000)
+
+
+ pid + +
+ string +
+
+ +
Set the PID mode for the container
+

aliases: pid_mode
+
+
+ pids_limit + +
+ string +
+
+ +
Tune the container's PIDs limit. Set -1 to have unlimited PIDs for the container.
+
+
+ pod + +
+ string +
+
+ +
Run container in an existing pod. If you want podman to make the pod for you, prefix the pod name with "new:"
+
+
+ privileged + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Give extended privileges to this container. The default is false.
+
+
+ publish + +
+ list + / elements=string
+
+ +
Publish a container's port, or range of ports, to the host. Format - ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort In case of only containerPort is set, the hostPort will chosen randomly by Podman.
+

aliases: ports, published, published_ports
+
+
+ publish_all + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Publish all exposed ports to random ports on the host interfaces. The default is false.
+
+
+ read_only + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Mount the container's root filesystem as read only. Default is false
+
+
+ read_only_tmpfs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
If container is running in --read-only mode, then mount a read-write tmpfs on /run, /tmp, and /var/tmp. The default is true
+
+
+ recreate + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use with present and started states to force the re-creation of an existing container.
+
+
+ requires + +
+ list + / elements=string
+
+ +
Specify one or more requirements. A requirement is a dependency container that will be started before this container. Containers can be specified by name or ID.
+
+
+ restart_policy + +
+ string +
+
+ +
Restart policy to follow when containers exit. Restart policy will not take effect if a container is stopped via the podman kill or podman stop commands. Valid values are * no - Do not restart containers on exit * on-failure[:max_retries] - Restart containers when they exit with a non-0 exit code, retrying indefinitely or until the optional max_retries count is hit * always - Restart containers when they exit, regardless of status, retrying indefinitely
+
+
+ rm + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Automatically remove the container when it exits. The default is false.
+

aliases: remove, auto_remove
+
+
+ rootfs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
If true, the first argument refers to an exploded container on the file system. The default is false.
+
+
+ sdnotify + +
+ string +
+
+ +
Determines how to use the NOTIFY_SOCKET, as passed with systemd and Type=notify. Can be container, conmon, ignore.
+
+
+ secrets + +
+ list + / elements=string
+
+ +
Add the named secrets into the container. The format is secret[,opt=opt...], see documentation for more details.
+
+
+ security_opt + +
+ list + / elements=string
+
+ +
Security Options. For example security_opt "seccomp=unconfined"
+
+
+ shm_size + +
+ string +
+
+ +
Size of /dev/shm. The format is <number><unit>. number must be greater than 0. Unit is optional and can be b (bytes), k (kilobytes), m(megabytes), or g (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses 64m
+
+
+ sig_proxy + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Proxy signals sent to the podman run command to the container process. SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is true.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • absent
  • +
  • present
  • +
  • stopped
  • +
  • started ←
  • +
  • created
  • +
+
+
absent - A container matching the specified name will be stopped and removed.
+
present - Asserts the existence of a container matching the name and any provided configuration parameters. If no container matches the name, a container will be created. If a container matches the name but the provided configuration does not match, the container will be updated, if it can be. If it cannot be updated, it will be removed and re-created with the requested config. Image version will be taken into account when comparing configuration. Use the recreate option to force the re-creation of the matching container.
+
started - Asserts there is a running container matching the name and any provided configuration. If no container matches the name, a container will be created and started. Use recreate to always re-create a matching container, even if it is running. Use force_restart to force a matching container to be stopped and restarted.
+
stopped - Asserts that the container is first present, and then if the container is running moves it to a stopped state.
+
created - Asserts that the container exists with given configuration. If container doesn't exist, the module creates it and leaves it in 'created' state. If configuration doesn't match or 'recreate' option is set, the container will be recreated
+
+
+ stop_signal + +
+ integer +
+
+ +
Signal to stop a container. Default is SIGTERM.
+
+
+ stop_timeout + +
+ integer +
+
+ +
Timeout (in seconds) to stop a container. Default is 10.
+
+
+ subgidname + +
+ string +
+
+ +
Run the container in a new user namespace using the map with 'name' in the /etc/subgid file.
+
+
+ subuidname + +
+ string +
+
+ +
Run the container in a new user namespace using the map with 'name' in the /etc/subuid file.
+
+
+ sysctl + +
+ dictionary +
+
+ +
Configure namespaced kernel parameters at runtime
+
+
+ systemd + +
+ string +
+
+ +
Run container in systemd mode. The default is true.
+
+
+ timezone + +
+ string +
+
+ +
Set timezone in container. This flag takes area-based timezones, GMT time, as well as local, which sets the timezone in the container to match the host machine. See /usr/share/zoneinfo/ for valid timezones. Remote connections use local containers.conf for defaults.
+
+
+ tmpfs + +
+ dictionary +
+
+ +
Create a tmpfs mount. For example tmpfs "/tmp" "rw,size=787448k,mode=1777"
+
+
+ tty + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Allocate a pseudo-TTY. The default is false.
+
+
+ uidmap + +
+ list + / elements=string
+
+ +
Run the container in a new user namespace using the supplied mapping.
+
+
+ ulimit + +
+ list + / elements=string
+
+ +
Ulimit options
+

aliases: ulimits
+
+
+ user + +
+ string +
+
+ +
Sets the username or UID used and optionally the groupname or GID for the specified command.
+
+
+ userns + +
+ string +
+
+ +
Set the user namespace mode for the container. It defaults to the PODMAN_USERNS environment variable. An empty value means user namespaces are disabled.
+

aliases: userns_mode
+
+
+ uts + +
+ string +
+
+ +
Set the UTS mode for the container
+
+
+ volume + +
+ list + / elements=string
+
+ +
Create a bind mount. If you specify, volume /HOST-DIR:/CONTAINER-DIR, podman bind mounts /HOST-DIR in the host to /CONTAINER-DIR in the podman container.
+

aliases: volumes
+
+
+ volumes_from + +
+ list + / elements=string
+
+ +
Mount volumes from the specified container(s).
+
+
+ workdir + +
+ string +
+
+ +
Working directory inside the container. The default working directory for running binaries within a container is the root directory (/).
+

aliases: working_dir
+
+
+
+

Examples¶

+
- name: Run container
+  containers.podman.podman_container:
+    name: container
+    image: quay.io/bitnami/wildfly
+    state: started
+
+- name: Create a data container
+  containers.podman.podman_container:
+    name: mydata
+    image: busybox
+    volume:
+      - /tmp/data
+
+- name: Re-create a redis container with systemd service file generated in /tmp/
+  containers.podman.podman_container:
+    name: myredis
+    image: redis
+    command: redis-server --appendonly yes
+    state: present
+    recreate: yes
+    expose:
+      - 6379
+    volumes_from:
+      - mydata
+    generate_systemd:
+      path: /tmp/
+      restart_policy: always
+      time: 120
+      names: true
+      container_prefix: ainer
+
+- name: Restart a container
+  containers.podman.podman_container:
+    name: myapplication
+    image: redis
+    state: started
+    restart: yes
+    etc_hosts:
+        other: "127.0.0.1"
+    restart_policy: "no"
+    device: "/dev/sda:/dev/xvda:rwm"
+    ports:
+        - "8080:9000"
+        - "127.0.0.1:8081:9001/udp"
+    env:
+        SECRET_KEY: "ssssh"
+        BOOLEAN_KEY: "yes"
+
+- name: Container present
+  containers.podman.podman_container:
+    name: mycontainer
+    state: present
+    image: ubuntu:14.04
+    command: "sleep 1d"
+
+- name: Stop a container
+  containers.podman.podman_container:
+    name: mycontainer
+    state: stopped
+
+- name: Start 4 load-balanced containers
+  containers.podman.podman_container:
+    name: "container{{ item }}"
+    recreate: yes
+    image: someuser/anotherappimage
+    command: sleep 1d
+  with_sequence: count=4
+
+- name: remove container
+  containers.podman.podman_container:
+    name: ohno
+    state: absent
+
+- name: Writing output
+  containers.podman.podman_container:
+    name: myservice
+    image: busybox
+    log_options: path=/var/log/container/mycontainer.json
+    log_driver: k8s-file
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ container + +
+ dictionary +
+
always +
Facts representing the current state of the container. Matches the podman inspection output.
+
Note that facts are part of the registered vars since Ansible 2.8. For compatibility reasons, the facts are also accessible directly as podman_container. Note that the returned fact will be removed in Ansible 2.12.
+
Empty if state is absent.
+
+
Sample:
+
{ "AppArmorProfile": "", "Args": [ "sh" ], "BoundingCaps": [ "CAP_CHOWN", ... ], "Config": { "Annotations": { "io.kubernetes.cri-o.ContainerType": "sandbox", "io.kubernetes.cri-o.TTY": "false" }, "AttachStderr": false, "AttachStdin": false, "AttachStdout": false, "Cmd": [ "sh" ], "Domainname": "", "Entrypoint": "", "Env": [ "PATH=/usr/sbin:/usr/bin:/sbin:/bin", "TERM=xterm", "HOSTNAME=", "container=podman" ], "Hostname": "", "Image": "docker.io/library/busybox:latest", "Labels": null, "OpenStdin": false, "StdinOnce": false, "StopSignal": 15, "Tty": false, "User": { "gid": 0, "uid": 0 }, "Volumes": null, "WorkingDir": "/" }, "ConmonPidFile": "...", "Created": "2019-06-17T19:13:09.873858307+03:00", "Dependencies": [], "Driver": "overlay", "EffectiveCaps": [ "CAP_CHOWN", ... ], "ExecIDs": [], "ExitCommand": [ "/usr/bin/podman", "--root", ... ], "GraphDriver": { ... }, "HostConfig": { ... }, "HostnamePath": "...", "HostsPath": "...", "ID": "...", "Image": "...", "ImageName": "docker.io/library/busybox:latest", "IsInfra": false, "LogPath": "/tmp/container/mycontainer.json", "MountLabel": "system_u:object_r:container_file_t:s0:c282,c782", "Mounts": [ ... ], "Name": "myservice", "Namespace": "", "NetworkSettings": { "Bridge": "", ... }, "Path": "sh", "ProcessLabel": "system_u:system_r:container_t:s0:c282,c782", "ResolvConfPath": "...", "RestartCount": 0, "Rootfs": "", "State": { "Dead": false, "Error": "", "ExitCode": 0, "FinishedAt": "2019-06-17T19:13:10.157518963+03:00", "Healthcheck": { "FailingStreak": 0, "Log": null, "Status": "" }, "OOMKilled": false, "OciVersion": "1.0.1-dev", "Paused": false, "Pid": 4083, "Restarting": false, "Running": false, "StartedAt": "2019-06-17T19:13:10.152479729+03:00", "Status": "exited" }, "StaticDir": "..." ... }
+
+

+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_containers_module.html b/ansible_collections/containers/podman/docs/podman_containers_module.html new file mode 100644 index 000000000..4cd64e306 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_containers_module.html @@ -0,0 +1,198 @@ + + + + + + + + containers.podman.podman_containers – Manage podman containers in a batch — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_containers – Manage podman containers in a batch¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_containers.

+
+
+

New in version 1.4.0: of containers.podman

+
+ +
+

Synopsis¶

+
    +
  • Manage groups of podman containers

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • podman

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ containers + +
+ list + / elements=dictionary / required
+
+ +
List of dictionaries with data for running containers for podman_container module.
+
+
+ debug + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Return additional information which can be helpful for investigations.
+
+
+
+

Examples¶

+
- name: Run three containers at once
+  podman_containers:
+    containers:
+      - name: alpine
+        image: alpine
+        command: sleep 1d
+      - name: web
+        image: nginx
+      - name: test
+        image: python:3-alpine
+        command: python -V
+
+
+
+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_export_module.html b/ansible_collections/containers/podman/docs/podman_export_module.html new file mode 100644 index 000000000..af1a49562 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_export_module.html @@ -0,0 +1,219 @@ + + + + + + + + containers.podman.podman_export – Export a podman container — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_export – Export a podman container¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_export.

+
+ +
+

Synopsis¶

+
    +
  • podman export exports the filesystem of a container and saves it as a tarball on the local machine

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ container + +
+ string + / required
+
+ +
Container to export.
+
+
+ dest + +
+ string + / required
+
+ +
Path to export container to.
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ force + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Force saving to file even if it exists.
+
+
+
+

Examples¶

+
# What modules does for example
+- containers.podman.podman_export:
+    dest: /path/to/tar/file
+    container: container-name
+
+
+
+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_generate_systemd_module.html b/ansible_collections/containers/podman/docs/podman_generate_systemd_module.html new file mode 100644 index 000000000..429be9604 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_generate_systemd_module.html @@ -0,0 +1,547 @@ + + + + + + + + containers.podman.podman_generate_systemd – Generate systemd unit from a pod or a container — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_generate_systemd – Generate systemd unit from a pod or a container¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_generate_systemd.

+
+ +
+

Synopsis¶

+
    +
  • Generate systemd .service unit file(s) from a pod or a container

  • +
  • Support Ansible check mode

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on target host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ after + +
+ list + / elements=string
+
+ +
Add the systemd unit after (After=) option, that ordering dependencies between the list of dependencies and this service.
+
This option may be specified more than once.
+
User-defined dependencies will be appended to the generated unit file
+
But any existing options such as needed or defined by default (e.g. online.target) will not be removed or overridden.
+
Only with Podman 4.0.0 and above
+
+
+ container_prefix + +
+ string +
+
+ +
Set the systemd unit name prefix for containers.
+
If not set, use the default defined by podman, container.
+
Refer to podman-generate-systemd(1) man page for more information.
+
+
+ dest + +
+ path +
+
+ +
Destination of the generated systemd unit file(s)
+
+
+ env + +
+ dictionary +
+
+ +
Set environment variables to the systemd unit files.
+
Keys are the environment variable names, and values are the environment variable values
+
Only with Podman 4.3.0 and above
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Podman executable name or full path
+
+
+ name + +
+ string + / required
+
+ +
Name of the pod or container to export
+
+
+ new + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Generate unit files that create containers and pods, not only start them.
+
Refer to podman-generate-systemd(1) man page for more information.
+
+
+ no_header + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Do not generate the header including meta data such as the Podman version and the timestamp.
+
+
+ pod_prefix + +
+ string +
+
+ +
Set the systemd unit name prefix for pods.
+
If not set, use the default defined by podman, pod.
+
Refer to podman-generate-systemd(1) man page for more information.
+
+
+ requires + +
+ list + / elements=string
+
+ +
Set the systemd unit requires (Requires=) option.
+
Similar to wants, but declares a stronger requirement dependency.
+
Only with Podman 4.0.0 and above
+
+
+ restart_policy + +
+ string +
+
+
    Choices: +
  • no-restart
  • +
  • on-success
  • +
  • on-failure
  • +
  • on-abnormal
  • +
  • on-watchdog
  • +
  • on-abort
  • +
  • always
  • +
+
+
Restart policy of the service
+
+
+ restart_sec + +
+ integer +
+
+ +
Configures the time to sleep before restarting a service (as configured with restart-policy).
+
Takes a value in seconds.
+
Only with Podman 4.0.0 and above
+
+
+ separator + +
+ string +
+
+ +
Systemd unit name separator between the name/id of a container/pod and the prefix.
+
If not set, use the default defined by podman, -.
+
Refer to podman-generate-systemd(1) man page for more information.
+
+
+ start_timeout + +
+ integer +
+
+ +
Override the default start timeout for the container with the given value in seconds.
+
Only with Podman 4.0.0 and above
+
+
+ stop_timeout + +
+ integer +
+
+ +
Override the default stop timeout for the container with the given value in seconds.
+
+
+ use_names + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Use name of the containers for the start, stop, and description in the unit file.
+
+
+ wants + +
+ list + / elements=string
+
+ +
Add the systemd unit wants (Wants=) option, that this service is (weak) dependent on.
+
This option may be specified more than once.
+
This option does not influence the order in which services are started or stopped.
+
User-defined dependencies will be appended to the generated unit file
+
But any existing options such as needed or defined by default (e.g. online.target) will not be removed or overridden.
+
Only with Podman 4.0.0 and above
+
+
+
+

Notes¶

+
+

Note

+
    +
  • You can store your systemd unit files in /etc/systemd/user/ for system wide usage

  • +
  • Or you can store them in ~/.config/systemd/user/ for usage at a specific user

  • +
  • If you indicate a pod, the systemd units for it and all its containers will be generated

  • +
  • Create all your pods, containers and their dependencies before generating the systemd files

  • +
  • If a container or pod is already started before you do a systemctl daemon reload, systemd will not see the container or pod as started

  • +
  • Stop your container or pod before you do a systemctl daemon reload, then you can start them with systemctl start my_container.service

  • +
+
+
+
+

Examples¶

+
# Exemple of creating a container and integrate it into systemd
+- name: A postgres container must exist, stopped
+  containers.podman.podman_container:
+    name: postgres_local
+    image: docker.io/library/postgres:latest
+    state: stopped
+
+- name: Systemd unit files for postgres container must exist
+  containers.podman.podman_generate_systemd:
+    name: postgres_local
+    dest: ~/.config/systemd/user/
+
+- name: Postgres container must be started and enabled on systemd
+  ansible.builtin.systemd:
+    name: container-postgres_local
+    daemon_reload: yes
+    state: started
+    enabled: yes
+
+
+# Generate the unit files, but store them on an Ansible variable
+# instead of writting them on target host
+- name: Systemd unit files for postgres container must be generated
+  containers.podman.podman_generate_systemd:
+    name: postgres_local
+  register: postgres_local_systemd_unit
+
+# Generate the unit files with environment variables sets
+- name: Systemd unit files for postgres container must be generated
+  containers.podman.podman_generate_systemd:
+    name: postgres_local
+    env:
+      POSTGRES_USER: my_app
+      POSTGRES_PASSWORD: example
+  register: postgres_local_systemd_unit
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ podman_command + +
+ string +
+
always +
A copy of the podman command used to generate the systemd unit(s)
+
+
Sample:
+
podman generate systemd my_webapp
+
+
+ systemd_units + +
+ dictionary +
+
always +
A copy of the generated systemd .service unit(s)
+
+
Sample:
+
{'container-postgres_local': ' #Content of the systemd .servec unit for postgres_local container', 'pod-my_webapp': ' #Content of the systemd .servec unit for my_webapp pod'}
+
+

+

Authors¶

+
    +
  • Sébastien Gendre (@CyberFox001)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_image_info_module.html b/ansible_collections/containers/podman/docs/podman_image_info_module.html new file mode 100644 index 000000000..0a4d8268d --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_image_info_module.html @@ -0,0 +1,224 @@ + + + + + + + + containers.podman.podman_image_info – Gather info about images using podman — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_image_info – Gather info about images using podman¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_image_info.

+
+ +
+

Synopsis¶

+
    +
  • Gather info about images using podman

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ name + +
+ list + / elements=string
+
+ +
List of tags or UID to gather info about. If no name is given return info about all images.
+
+
+
+

Notes¶

+
+

Note

+
    +
  • Podman may required elevated privileges in order to run properly.

  • +
+
+
+
+

Examples¶

+
- name: Gather info for all images
+  containers.podman.podman_image_info:
+
+- name: Gather info on a specific image
+  containers.podman.podman_image_info:
+    name: nginx
+
+- name: Gather info on several images
+  containers.podman.podman_image_info:
+    name:
+      - redis
+      - quay.io/bitnami/wildfly
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ images + +
+ dictionary +
+
always +
info from all or specified images
+
+
Sample:
+
[{'Annotations': {}, 'Architecture': 'amd64', 'Author': '', 'Comment': 'from Bitnami with love', 'ContainerConfig': {'Cmd': ['nami', 'start', '--foreground', 'wildfly'], 'Entrypoint': ['/app-entrypoint.sh'], 'Env': ['PATH=/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/nami/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 'IMAGE_OS=debian-9', 'NAMI_VERSION=0.0.9-0', 'GPG_KEY_SERVERS_LIST=ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80 pgp.mit.edu', 'TINI_VERSION=v0.13.2', 'TINI_GPG_KEY=595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7', 'GOSU_VERSION=1.10', 'GOSU_GPG_KEY=B42F6819007F00F88E364FD4036A9C25BF357DD4', 'BITNAMI_IMAGE_VERSION=14.0.1-debian-9-r12', 'BITNAMI_APP_NAME=wildfly', 'WILDFLY_JAVA_HOME=', 'WILDFLY_JAVA_OPTS=', 'WILDFLY_MANAGEMENT_HTTP_PORT_NUMBER=9990', 'WILDFLY_PASSWORD=bitnami', 'WILDFLY_PUBLIC_CONSOLE=true', 'WILDFLY_SERVER_AJP_PORT_NUMBER=8009', 'WILDFLY_SERVER_HTTP_PORT_NUMBER=8080', 'WILDFLY_SERVER_INTERFACE=0.0.0.0', 'WILDFLY_USERNAME=user', 'WILDFLY_WILDFLY_HOME=/home/wildfly', 'WILDFLY_WILDFLY_OPTS=-Dwildfly.as.deployment.ondemand=false'], 'ExposedPorts': {'8080/tcp': {}, '9990/tcp': {}}, 'Labels': {'maintainer': 'Bitnami <containers@bitnami.com>'}}, 'Created': '2018-09-25T04:07:45.934395523Z', 'Digest': 'sha256:5c7d8e2dd66dcf4a152a4032a1d3c5a33458c67e1c1335edd8d18d738892356b', 'GraphDriver': {'Data': {'LowerDir': '/var/lib/containers/storage/overlay/a9dbf5616cc16919a8ac0dfc60aff87a72b5be52994c4649fcc91a089a12931f/diff:/var/lib/containers/storage/overlay/67129bd46022122a7d8b7acb490092af6c7ce244ce4fbd7d9e2d2b7f5979e090/diff:/var/lib/containers/storage/overlay/7c51242c4c5db5c74afda76d7fdbeab6965d8b21804bb3fc597dee09c770b0ca/diff:/var/lib/containers/storage/overlay/f97315dc58a9c002ba0cabccb9933d4b0d2113733d204188c88d72f75569b57b/diff:/var/lib/containers/storage/overlay/1dbde2dd497ddde2b467727125b900958a051a72561e58d29abe3d660dcaa9a7/diff:/var/lib/containers/storage/overlay/4aad9d80f30c3f0608f58173558b7554d84dee4dc4479672926eca29f75e6e33/diff:/var/lib/containers/storage/overlay/6751fc9b6868254870c062d75a511543fc8cfda2ce6262f4945f107449219632/diff:/var/lib/containers/storage/overlay/a27034d79081347421dd24d7e9e776c18271cd9a6e51053cb39af4d3d9c400e8/diff:/var/lib/containers/storage/overlay/537cf0045ed9cd7989f7944e7393019c81b16c1799a2198d8348cd182665397f/diff:/var/lib/containers/storage/overlay/27578615c5ae352af4e8449862d61aaf5c11b105a7d5905af55bd01b0c656d6e/diff:/var/lib/containers/storage/overlay/566542742840fe3034b3596f7cb9e62a6274c95a69f368f9e713746f8712c0b6/diff', 'MergedDir': '/var/lib/containers/storage/overlay/72bb96d6c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/merged', 'UpperDir': '/var/lib/containers/storage/overlay/72bb96d6c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/diff', 'WorkDir': '/var/lib/containers/storage/overlay/72bb96d6c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/work'}, 'Name': 'overlay'}, 'Id': 'bcacbdf7a119c0fa934661ca8af839e625ce6540d9ceb6827cdd389f823d49e0', 'Labels': {'maintainer': 'Bitnami <containers@bitnami.com>'}, 'ManifestType': 'application/vnd.docker.distribution.manifest.v1+prettyjws', 'Os': 'linux', 'Parent': '', 'RepoDigests': ['quay.io/bitnami/wildfly@sha256:5c7d8e2dd66dcf4a152a4032a1d3c5a33458c67e1c1335edd8d18d738892356b'], 'RepoTags': ['quay.io/bitnami/wildfly:latest'], 'RootFS': {'Layers': ['sha256:75391df2c87e076b0c2f72d20c95c57dc8be7ee684cc07273416cce622b43367', 'sha256:7dd303f041039bfe8f0833092673ac35f93137d10e0fbc4302021ea65ad57731', 'sha256:720d9edf0cd2a9bb56b88b80be9070dbfaad359514c70094c65066963fed485d', 'sha256:6a567ecbf97725501a634fcb486271999aa4591b633b4ae9932a46b40f5aaf47', 'sha256:59e9a6db8f178f3da868614564faabb2820cdfb69be32e63a4405d6f7772f68c', 'sha256:310a82ccb092cd650215ab375da8943d235a263af9a029b8ac26a281446c04db', 'sha256:36cb91cf4513543a8f0953fed785747ea18b675bc2677f3839889cfca0aac79e'], 'Type': 'layers'}, 'Size': 569919342, 'User': '', 'Version': '17.06.0-ce', 'VirtualSize': 569919342}]
+
+

+

Authors¶

+
    +
  • Sam Doran (@samdoran)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_image_module.html b/ansible_collections/containers/podman/docs/podman_image_module.html new file mode 100644 index 000000000..48e2c5e1c --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_image_module.html @@ -0,0 +1,785 @@ + + + + + + + + containers.podman.podman_image – Pull images for use by podman — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_image – Pull images for use by podman¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_image.

+
+ +
+

Synopsis¶

+
    +
  • Build, pull, or push images using Podman.

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ auth_file + +
+ path +
+
+ +
Path to file containing authorization credentials to the remote registry.
+

aliases: authfile
+
+
+ build + +
+ dictionary +
+
+ Default:
{}
+
+
Arguments that control image build.
+

aliases: build_args, buildargs
+
+
+ annotation + +
+ dictionary +
+
+ +
Dictionary of key=value pairs to add to the image. Only works with OCI images. Ignored for Docker containers.
+
+
+ cache + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Whether or not to use cached layers when building an image
+
+
+ extra_args + +
+ string +
+
+ +
Extra args to pass to build, if executed. Does not idempotently check for new build args.
+
+
+ file + +
+ path +
+
+ +
Path to the Containerfile if it is not in the build context directory.
+
+
+ force_rm + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Always remove intermediate containers after a build, even if the build is unsuccessful.
+
+
+ format + +
+ string +
+
+
    Choices: +
  • docker
  • +
  • oci ←
  • +
+
+
Format of the built image.
+
+
+ rm + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Remove intermediate containers after a successful build
+
+
+ volume + +
+ list + / elements=string
+
+ +
Specify multiple volume / mount options to mount one or more mounts to a container.
+
+
+ ca_cert_dir + +
+ path +
+
+ +
Path to directory containing TLS certificates and keys to use.
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman.
+
+
+ force + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Whether or not to force push or pull an image.
+
When building, force the build even if the image already exists.
+
+
+ name + +
+ string + / required
+
+ +
Name of the image to pull, push, or delete. It may contain a tag using the format image:tag.
+
+
+ password + +
+ string +
+
+ +
Password to use when authenticating to remote registries.
+
+
+ path + +
+ string +
+
+ +
Path to the build context directory.
+
+
+ pull + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Whether or not to pull the image.
+
+
+ push + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Whether or not to push an image.
+
+
+ push_args + +
+ dictionary +
+
+ Default:
{}
+
+
Arguments that control pushing images.
+
+
+ compress + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Compress tarball image layers when pushing to a directory using the 'dir' transport.
+
+
+ dest + +
+ string +
+
+ +
Path or URL where image will be pushed.
+

aliases: destination
+
+
+ format + +
+ string +
+
+
    Choices: +
  • oci
  • +
  • v2s1
  • +
  • v2s2
  • +
+
+
Manifest type to use when pushing an image using the 'dir' transport (default is manifest type of source).
+
+
+ remove_signatures + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Discard any pre-existing signatures in the image
+
+
+ sign_by + +
+ string +
+
+ +
Path to a key file to use to sign the image.
+
+
+ transport + +
+ string +
+
+
    Choices: +
  • dir
  • +
  • docker-archive
  • +
  • docker-daemon
  • +
  • oci-archive
  • +
  • ostree
  • +
+
+
Transport to use when pushing in image. If no transport is set, will attempt to push to a remote registry.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • present ←
  • +
  • absent
  • +
  • build
  • +
+
+
Whether an image should be present, absent, or built.
+
+
+ tag + +
+ string +
+
+ Default:
"latest"
+
+
Tag of the image to pull, push, or delete.
+
+
+ username + +
+ string +
+
+ +
username to use when authenticating to remote registries.
+
+
+ validate_certs + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Require HTTPS and validate certificates when pulling or pushing. Also used during build if a pull or push is necessary.
+

aliases: tlsverify, tls_verify
+
+
+
+

Examples¶

+
- name: Pull an image
+  containers.podman.podman_image:
+    name: quay.io/bitnami/wildfly
+
+- name: Remove an image
+  containers.podman.podman_image:
+    name: quay.io/bitnami/wildfly
+    state: absent
+
+- name: Remove an image with image id
+  containers.podman.podman_image:
+    name: 0e901e68141f
+    state: absent
+
+- name: Pull a specific version of an image
+  containers.podman.podman_image:
+    name: redis
+    tag: 4
+
+- name: Build a basic OCI image
+  containers.podman.podman_image:
+    name: nginx
+    path: /path/to/build/dir
+
+- name: Build a basic OCI image with advanced parameters
+  containers.podman.podman_image:
+    name: nginx
+    path: /path/to/build/dir
+    build:
+      cache: no
+      force_rm: yes
+      format: oci
+      annotation:
+        app: nginx
+        function: proxy
+        info: Load balancer for my cool app
+      extra_args: "--build-arg KEY=value"
+
+- name: Build a Docker formatted image
+  containers.podman.podman_image:
+    name: nginx
+    path: /path/to/build/dir
+    build:
+      format: docker
+
+- name: Build and push an image using existing credentials
+  containers.podman.podman_image:
+    name: nginx
+    path: /path/to/build/dir
+    push: yes
+    push_args:
+      dest: quay.io/acme
+
+- name: Build and push an image using an auth file
+  containers.podman.podman_image:
+    name: nginx
+    push: yes
+    auth_file: /etc/containers/auth.json
+    push_args:
+      dest: quay.io/acme
+
+- name: Build and push an image using username and password
+  containers.podman.podman_image:
+    name: nginx
+    push: yes
+    username: bugs
+    password: "{{ vault_registry_password }}"
+    push_args:
+      dest: quay.io/acme
+
+- name: Build and push an image to multiple registries
+  containers.podman.podman_image:
+    name: "{{ item }}"
+    path: /path/to/build/dir
+    push: yes
+    auth_file: /etc/containers/auth.json
+    loop:
+    - quay.io/acme/nginx
+    - docker.io/acme/nginx
+
+- name: Build and push an image to multiple registries with separate parameters
+  containers.podman.podman_image:
+    name: "{{ item.name }}"
+    tag: "{{ item.tag }}"
+    path: /path/to/build/dir
+    push: yes
+    auth_file: /etc/containers/auth.json
+    push_args:
+      dest: "{{ item.dest }}"
+    loop:
+    - name: nginx
+      tag: 4
+      dest: docker.io/acme
+
+    - name: nginx
+      tag: 3
+      dest: docker.io/acme
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ image + +
+ dictionary +
+
success +
Image inspection results for the image that was pulled, pushed, or built.
+
+
Sample:
+
[{'Annotations': {}, 'Architecture': 'amd64', 'Author': '', 'Comment': 'from Bitnami with love', 'ContainerConfig': {'Cmd': ['/run.sh'], 'Entrypoint': ['/app-entrypoint.sh'], 'Env': ['PATH=/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/nami/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 'IMAGE_OS=debian-9', 'NAMI_VERSION=1.0.0-1', 'GPG_KEY_SERVERS_LIST=ha.pool.sks-keyservers.net', 'TINI_VERSION=v0.13.2', 'TINI_GPG_KEY=595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7', 'GOSU_VERSION=1.10', 'GOSU_GPG_KEY=B42F6819007F00F88E364FD4036A9C25BF357DD4', 'BITNAMI_IMAGE_VERSION=16.0.0-debian-9-r27', 'BITNAMI_PKG_CHMOD=-R g+rwX', 'BITNAMI_PKG_EXTRA_DIRS=/home/wildfly', 'HOME=/', 'BITNAMI_APP_NAME=wildfly', 'NAMI_PREFIX=/.nami', 'WILDFLY_HOME=/home/wildfly', 'WILDFLY_JAVA_HOME=', 'WILDFLY_JAVA_OPTS=', 'WILDFLY_MANAGEMENT_HTTP_PORT_NUMBER=9990', 'WILDFLY_PASSWORD=bitnami', 'WILDFLY_PUBLIC_CONSOLE=true', 'WILDFLY_SERVER_AJP_PORT_NUMBER=8009', 'WILDFLY_SERVER_HTTP_PORT_NUMBER=8080', 'WILDFLY_SERVER_INTERFACE=0.0.0.0', 'WILDFLY_USERNAME=user', 'WILDFLY_WILDFLY_HOME=/home/wildfly', 'WILDFLY_WILDFLY_OPTS=-Dwildfly.as.deployment.ondemand=false'], 'ExposedPorts': {'8080/tcp': {}, '9990/tcp': {}}, 'Labels': {'maintainer': 'Bitnami <containers@bitnami.com>'}, 'User': '1001'}, 'Created': '2019-04-10T05:48:03.553887623Z', 'Digest': 'sha256:5a8ab28e314c2222de3feaf6dac94a0436a37fc08979d2722c99d2bef2619a9b', 'GraphDriver': {'Data': {'LowerDir': '/var/lib/containers/storage/overlay/142c1beadf1bb09fbd929465ec98c9dca3256638220450efb4214727d0d0680e/diff:/var/lib/containers/s', 'MergedDir': '/var/lib/containers/storage/overlay/9aa10191f5bddb59e28508e721fdeb43505e5b395845fa99723ed787878dbfea/merged', 'UpperDir': '/var/lib/containers/storage/overlay/9aa10191f5bddb59e28508e721fdeb43505e5b395845fa99723ed787878dbfea/diff', 'WorkDir': '/var/lib/containers/storage/overlay/9aa10191f5bddb59e28508e721fdeb43505e5b395845fa99723ed787878dbfea/work'}, 'Name': 'overlay'}, 'History': [{'comment': 'from Bitnami with love', 'created': '2019-04-09T22:27:40.659377677Z'}, {'created': '2019-04-09T22:38:53.86336555Z', 'created_by': '/bin/sh -c #(nop) LABEL maintainer=Bitnami <containers@bitnami.com>', 'empty_layer': True}, {'created': '2019-04-09T22:38:54.022778765Z', 'created_by': '/bin/sh -c #(nop) ENV IMAGE_OS=debian-9', 'empty_layer': True}], 'Id': 'ace34da54e4af2145e1ad277005adb235a214e4dfe1114c2db9ab460b840f785', 'Labels': {'maintainer': 'Bitnami <containers@bitnami.com>'}, 'ManifestType': 'application/vnd.docker.distribution.manifest.v1+prettyjws', 'Os': 'linux', 'Parent': '', 'RepoDigests': ['quay.io/bitnami/wildfly@sha256:5a8ab28e314c2222de3feaf6dac94a0436a37fc08979d2722c99d2bef2619a9b'], 'RepoTags': ['quay.io/bitnami/wildfly:latest'], 'RootFS': {'Layers': ['', '', '', '', '', '', '', '', '', '', '', ''], 'Type': 'layers'}, 'Size': 466180019, 'User': '1001', 'Version': '18.09.3', 'VirtualSize': 466180019}]
+
+

+

Authors¶

+
    +
  • Sam Doran (@samdoran)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_import_module.html b/ansible_collections/containers/podman/docs/podman_import_module.html new file mode 100644 index 000000000..0d502c249 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_import_module.html @@ -0,0 +1,247 @@ + + + + + + + + containers.podman.podman_import – Import Podman container from a tar file. — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_import – Import Podman container from a tar file.¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_import.

+
+ +
+

Synopsis¶

+
    +
  • podman import imports a tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) and saves it as a filesystem image.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ change + +
+ list + / elements=dictionary
+
+ +
Set changes as list of key-value pairs, see example.
+
+
+ commit_message + +
+ string +
+
+ +
Set commit message for imported image
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ src + +
+ string + / required
+
+ +
Path to image file to load.
+
+
+
+

Examples¶

+
# What modules does for example
+- containers.podman.podman_import:
+    src: /path/to/tar/file
+    change:
+      - "CMD": /bin/bash
+      - "User": root
+    commit_message: "Importing image"
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ image + +
+ dictionary +
+
always +
info from loaded image
+
+
Sample:
+
{'Annotations': {}, 'Architecture': 'amd64', 'Author': '', 'Comment': 'imported from tarball', 'Config': {}, 'Created': '2021-09-07T04:45:38.749977105+03:00', 'Digest': 'sha256:8730c75be86a718929a658db4663d487e562d66762....', 'GraphDriver': {'Data': {'UpperDir': '/home/...34/diff', 'WorkDir': '/home/.../work'}, 'Name': 'overlay'}, 'History': [{'comment': 'imported from tarball', 'created': '2021-09-07T04:45:38.749977105+03:00', 'created_by': '/bin/sh -c #(nop) ADD file:091... in /'}], 'Id': 'cbc6d73c4d232db6e8441df96af81855f62c74157b5db80a1d5...', 'Labels': None, 'ManifestType': 'application/vnd.oci.image.manifest.v1+json', 'NamesHistory': None, 'Os': 'linux', 'Parent': '', 'RepoDigests': [], 'RepoTags': [], 'RootFS': {'Layers': ['sha256:....'], 'Type': 'layers'}, 'Size': 5882449, 'User': '', 'Version': '', 'VirtualSize': 5882449}
+
+

+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_load_module.html b/ansible_collections/containers/podman/docs/podman_load_module.html new file mode 100644 index 000000000..c7834c2f2 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_load_module.html @@ -0,0 +1,214 @@ + + + + + + + + containers.podman.podman_load – Load image from a tar file. — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_load – Load image from a tar file.¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_load.

+
+ +
+

Synopsis¶

+
    +
  • podman load loads an image from either an oci-archive or a docker-archive stored on the local machine into container storage. podman load is used for loading from the archive generated by podman save, that includes the image parent layers.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ input + +
+ string + / required
+
+ +
Path to image file to load.
+

aliases: path
+
+
+
+

Examples¶

+
# What modules does for example
+- containers.podman.podman_load:
+    input: /path/to/tar/file
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ image + +
+ dictionary +
+
always +
info from loaded image
+
+
Sample:
+
[{'Annotations': {}, 'Architecture': 'amd64', 'Author': '', 'Comment': 'from Bitnami with love', 'ContainerConfig': {'Cmd': ['nami', 'start', '--foreground', 'wildfly'], 'Entrypoint': ['/app-entrypoint.sh'], 'Env': ['PATH=/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/nami/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 'IMAGE_OS=debian-9', 'NAMI_VERSION=0.0.9-0', 'GPG_KEY_SERVERS_LIST=ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80 pgp.mit.edu', 'TINI_VERSION=v0.13.2', 'TINI_GPG_KEY=595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7', 'GOSU_VERSION=1.10', 'GOSU_GPG_KEY=B42F6819007F00F88E364FD4036A9C25BF357DD4', 'BITNAMI_IMAGE_VERSION=14.0.1-debian-9-r12', 'BITNAMI_APP_NAME=wildfly', 'WILDFLY_JAVA_HOME=', 'WILDFLY_JAVA_OPTS=', 'WILDFLY_MANAGEMENT_HTTP_PORT_NUMBER=9990', 'WILDFLY_PASSWORD=bitnami', 'WILDFLY_PUBLIC_CONSOLE=true', 'WILDFLY_SERVER_AJP_PORT_NUMBER=8009', 'WILDFLY_SERVER_HTTP_PORT_NUMBER=8080', 'WILDFLY_SERVER_INTERFACE=0.0.0.0', 'WILDFLY_USERNAME=user', 'WILDFLY_WILDFLY_HOME=/home/wildfly', 'WILDFLY_WILDFLY_OPTS=-Dwildfly.as.deployment.ondemand=false'], 'ExposedPorts': {'8080/tcp': {}, '9990/tcp': {}}, 'Labels': {'maintainer': 'Bitnami <containers@bitnami.com>'}}, 'Created': '2018-09-25T04:07:45.934395523Z', 'Digest': 'sha256:5c7d8e2dd66dcf4a152a4032a1d3c5a33458c67e1c1335edd8d18d738892356b', 'GraphDriver': {'Data': {'LowerDir': '/var/lib/containers/storage/overlay/a9dbf5616cc16919a8ac0dfc60aff87a72b5be52994c4649fcc91a089a12931f/diff:/var/lib/containers/storage/overlay/67129bd46022122a7d8b7acb490092af6c7ce244ce4fbd7d9e2d2b7f5979e090/diff:/var/lib/containers/storage/overlay/7c51242c4c5db5c74afda76d7fdbeab6965d8b21804bb3fc597dee09c770b0ca/diff:/var/lib/containers/storage/overlay/f97315dc58a9c002ba0cabccb9933d4b0d2113733d204188c88d72f75569b57b/diff:/var/lib/containers/storage/overlay/1dbde2dd497ddde2b467727125b900958a051a72561e58d29abe3d660dcaa9a7/diff:/var/lib/containers/storage/overlay/4aad9d80f30c3f0608f58173558b7554d84dee4dc4479672926eca29f75e6e33/diff:/var/lib/containers/storage/overlay/6751fc9b6868254870c062d75a511543fc8cfda2ce6262f4945f107449219632/diff:/var/lib/containers/storage/overlay/a27034d79081347421dd24d7e9e776c18271cd9a6e51053cb39af4d3d9c400e8/diff:/var/lib/containers/storage/overlay/537cf0045ed9cd7989f7944e7393019c81b16c1799a2198d8348cd182665397f/diff:/var/lib/containers/storage/overlay/27578615c5ae352af4e8449862d61aaf5c11b105a7d5905af55bd01b0c656d6e/diff:/var/lib/containers/storage/overlay/566542742840fe3034b3596f7cb9e62a6274c95a69f368f9e713746f8712c0b6/diff', 'MergedDir': '/var/lib/containers/storage/overlay/72bb96d6c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/merged', 'UpperDir': '/var/lib/containers/storage/overlay/72bb96d6c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/diff', 'WorkDir': '/var/lib/containers/storage/overlay/72bb96d6c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/work'}, 'Name': 'overlay'}, 'Id': 'bcacbdf7a119c0fa934661ca8af839e625ce6540d9ceb6827cdd389f823d49e0', 'Labels': {'maintainer': 'Bitnami <containers@bitnami.com>'}, 'ManifestType': 'application/vnd.docker.distribution.manifest.v1+prettyjws', 'Os': 'linux', 'Parent': '', 'RepoDigests': ['quay.io/bitnami/wildfly@sha256:5c7d8e2dd66dcf4a152a4032a1d3c5a33458c67e1c1335edd8d18d738892356b'], 'RepoTags': ['quay.io/bitnami/wildfly:latest'], 'RootFS': {'Layers': ['sha256:75391df2c87e076b0c2f72d20c95c57dc8be7ee684cc07273416cce622b43367', 'sha256:7dd303f041039bfe8f0833092673ac35f93137d10e0fbc4302021ea65ad57731', 'sha256:720d9edf0cd2a9bb56b88b80be9070dbfaad359514c70094c65066963fed485d', 'sha256:6a567ecbf97725501a634fcb486271999aa4591b633b4ae9932a46b40f5aaf47', 'sha256:59e9a6db8f178f3da868614564faabb2820cdfb69be32e63a4405d6f7772f68c', 'sha256:310a82ccb092cd650215ab375da8943d235a263af9a029b8ac26a281446c04db', 'sha256:36cb91cf4513543a8f0953fed785747ea18b675bc2677f3839889cfca0aac79e'], 'Type': 'layers'}, 'Size': 569919342, 'User': '', 'Version': '17.06.0-ce', 'VirtualSize': 569919342}]
+
+

+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_login_info_module.html b/ansible_collections/containers/podman/docs/podman_login_info_module.html new file mode 100644 index 000000000..6f70b4ce2 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_login_info_module.html @@ -0,0 +1,235 @@ + + + + + + + + containers.podman.podman_login_info – Return the logged-in user if any for a given registry — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_login_info – Return the logged-in user if any for a given registry¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_login_info.

+
+
+

New in version 1.0.0: of containers.podman

+
+ +
+

Synopsis¶

+
    +
  • Return the logged-in user if any for a given registry.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ authfile + +
+ path +
+
+ +
Path of the authentication file. Default is ``${XDG_RUNTIME_DIR}/containers/auth.json`` (Not available for remote commands) You can also override the default path of the authentication file by setting the ``REGISTRY_AUTH_FILE`` environment variable. ``export REGISTRY_AUTH_FILE=path``
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ registry + +
+ string + / required
+
+ +
Registry server.
+
+
+
+

Examples¶

+
- name: Return the logged-in user for docker hub registry
+  containers.podman.podman_login_info:
+    registry: docker.io
+
+- name: Return the logged-in user for quay.io registry
+  containers.podman.podman_login_info:
+    registry: quay.io
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ login + +
+ dictionary +
+
always +
Logged in user for a registry
+
+
Sample:
+
{'logged_in': True, 'registry': 'docker.io', 'username': 'clelange'}
+
+

+

Authors¶

+
    +
  • Clemens Lange (@clelange)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_login_module.html b/ansible_collections/containers/podman/docs/podman_login_module.html new file mode 100644 index 000000000..1f77c15e2 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_login_module.html @@ -0,0 +1,271 @@ + + + + + + + + containers.podman.podman_login – Login to a container registry using podman — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_login – Login to a container registry using podman¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_login.

+
+ +
+

Synopsis¶

+
    +
  • Login to a container registry server using the podman login command If the registry is not specified, the first registry under [registries.search] from registries.conf `will be used. The path of the authentication file can be overridden by the user by setting the `authfile flag. The default path used is ${XDG_RUNTIME_DIR}/containers/auth.json.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ authfile + +
+ path +
+
+ +
Path of the authentication file. Default is ``${XDG_RUNTIME_DIR}/containers/auth.json`` You can also override the default path of the authentication file by setting the ``REGISTRY_AUTH_FILE`` environment variable. ``export REGISTRY_AUTH_FILE=path``
+
+
+ certdir + +
+ path +
+
+ +
Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. Default certificates directory is /etc/containers/certs.d.
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ password + +
+ string + / required
+
+ +
Password for the registry server.
+
+
+ registry + +
+ string +
+
+ +
Registry server. If the registry is not specified, the first registry under `[registries.search]` from `registries.conf` will be used.
+
+
+ tlsverify + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Require HTTPS and verify certificates when contacting registries. If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.
+
+
+ username + +
+ string + / required
+
+ +
Username for the registry server.
+
+
+
+

Examples¶

+
- name: Login to default registry and create ${XDG_RUNTIME_DIR}/containers/auth.json
+  containers.podman.podman_login:
+    username: user
+    password: 'p4ssw0rd'
+
+- name: Login to default registry and create ${XDG_RUNTIME_DIR}/containers/auth.json
+  containers.podman.podman_login:
+    username: user
+    password: 'p4ssw0rd'
+    registry: quay.io
+
+
+
+

Authors¶

+
    +
  • Jason Hiatt (@jthiatt)

  • +
  • Clemens Lange (@clelange)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_logout_module.html b/ansible_collections/containers/podman/docs/podman_logout_module.html new file mode 100644 index 000000000..fb3817db9 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_logout_module.html @@ -0,0 +1,249 @@ + + + + + + + + containers.podman.podman_logout – Log out of a container registry using podman — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_logout – Log out of a container registry using podman¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_logout.

+
+ +
+

Synopsis¶

+
    +
  • Log out of a container registry server using the podman logout command by deleting the cached credentials stored in the auth.json file. If the registry is not specified, the first registry under [registries.search] from registries.conf `will be used. The path of the authentication file can be overridden by the user by setting the `authfile flag. The default path used is ${XDG_RUNTIME_DIR}/containers/auth.json. All the cached credentials can be removed by setting the all flag. Warning - podman will use credentials in ${HOME}/.docker/config.json to authenticate in case they are not found in the default authfile. However, the logout command will only removed credentials in the authfile specified.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ all + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Remove the cached credentials for all registries in the auth file.
+
+
+ authfile + +
+ path +
+
+ +
Path of the authentication file. Default is ``${XDG_RUNTIME_DIR}/containers/auth.json`` You can also override the default path of the authentication file by setting the ``REGISTRY_AUTH_FILE`` environment variable. ``export REGISTRY_AUTH_FILE=path``
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ ignore_docker_credentials + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Credentials created using other tools such as `docker login` are not removed unless the corresponding `authfile` is explicitly specified. Since podman also uses existing credentials in these files by default (for docker e.g. `${HOME}/.docker/config.json`), module execution will fail if a docker login exists for the registry specified in any `authfile` is used by podman. This can be ignored by setting `ignore_docker_credentials` to `yes` - the credentials will be kept and `changed` will be false. This option cannot be used together with `all` since in this case podman will not check for existing `authfiles` created by other tools.
+
+
+ registry + +
+ string +
+
+ +
Registry server. If the registry is not specified, the first registry under `[registries.search]` from `registries.conf` will be used.
+
+
+
+

Examples¶

+
- name: Log out of default registry
+  podman_logout:
+
+- name: Log out of quay.io
+  podman_logout:
+    registry: quay.io
+
+- name: Log out of all registries in auth file
+  podman_logout:
+    all: yes
+
+- name: Log out of all registries in specified auth file
+  podman_logout:
+    authfile: $HOME/.docker/config.json
+    all: yes
+
+
+
+

Authors¶

+
    +
  • Clemens Lange (@clelange)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_network_info_module.html b/ansible_collections/containers/podman/docs/podman_network_info_module.html new file mode 100644 index 000000000..585252dee --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_network_info_module.html @@ -0,0 +1,219 @@ + + + + + + + + containers.podman.podman_network_info – Gather info about podman networks — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_network_info – Gather info about podman networks¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_network_info.

+
+
+

New in version 1.0.0: of containers.podman

+
+ +
+

Synopsis¶

+
    +
  • Gather info about podman networks with podman inspect command.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ name + +
+ string +
+
+ +
Name of the network
+
+
+
+

Examples¶

+
- name: Gather info about all present networks
+  containers.podman.podman_network_info:
+
+- name: Gather info about specific network
+  containers.podman.podman_network_info:
+    name: podman
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ networks + +
+ list + / elements=string
+
always +
Facts from all or specified networks
+
+
Sample:
+
[{'cniVersion': '0.4.0', 'name': 'podman', 'plugins': [{'bridge': 'cni-podman0', 'ipMasq': True, 'ipam': {'ranges': [[{'gateway': '10.88.0.1', 'subnet': '10.88.0.0/16'}]], 'routes': [{'dst': '0.0.0.0/0'}], 'type': 'host-local'}, 'isGateway': True, 'type': 'bridge'}, {'capabilities': {'portMappings': True}, 'type': 'portmap'}, {'backend': 'iptables', 'type': 'firewall'}]}]
+
+

+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_network_module.html b/ansible_collections/containers/podman/docs/podman_network_module.html new file mode 100644 index 000000000..b3716c0d7 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_network_module.html @@ -0,0 +1,463 @@ + + + + + + + + containers.podman.podman_network – Manage podman networks — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_network – Manage podman networks¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_network.

+
+
+

New in version 1.0.0: of containers.podman

+
+ +
+

Synopsis¶

+
    +
  • Manage podman networks with podman network command.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • podman

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ debug + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Return additional information which can be helpful for investigations.
+
+
+ disable_dns + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
disable dns plugin (default "false")
+
+
+ driver + +
+ string +
+
+ +
Driver to manage the network (default "bridge")
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ gateway + +
+ string +
+
+ +
IPv4 or IPv6 gateway for the subnet
+
+
+ internal + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Restrict external access from this network (default "false")
+
+
+ ip_range + +
+ string +
+
+ +
Allocate container IP from range
+
+
+ ipv6 + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable IPv6 (Dual Stack) networking. You must pass a IPv6 subnet. The subnet option must be used with the ipv6 option.
+
+
+ macvlan + +
+ string +
+
+ +
Create a Macvlan connection based on this device
+
+
+ name + +
+ string + / required
+
+ +
Name of the network
+
+
+ opt + +
+ dictionary +
+
+ +
Add network options. Currently 'vlan' and 'mtu' are supported.
+
+
+ mtu + +
+ integer +
+
+ +
MTU size for bridge network interface.
+
+
+ vlan + +
+ integer +
+
+ +
VLAN tag for bridge which enables vlan_filtering.
+
+
+ recreate + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Recreate network even if exists.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
State of network, default 'present'
+
+
+ subnet + +
+ string +
+
+ +
Subnet in CIDR format
+
+
+
+

Examples¶

+
- name: Create a podman network
+  containers.podman.podman_network:
+    name: podman_network
+  become: true
+
+- name: Create internal podman network
+  containers.podman.podman_network:
+    name: podman_internal
+    internal: true
+    ip_range: 192.168.22.128/25
+    subnet: 192.168.22.0/24
+    gateway: 192.168.22.1
+  become: true
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ network + +
+ list + / elements=string
+
always +
Facts from created or updated networks
+
+
Sample:
+
[{'cniVersion': '0.4.0', 'name': 'podman', 'plugins': [{'bridge': 'cni-podman0', 'ipMasq': True, 'ipam': {'ranges': [[{'gateway': '10.88.0.1', 'subnet': '10.88.0.0/16'}]], 'routes': [{'dst': '0.0.0.0/0'}], 'type': 'host-local'}, 'isGateway': True, 'type': 'bridge'}, {'capabilities': {'portMappings': True}, 'type': 'portmap'}, {'backend': 'iptables', 'type': 'firewall'}]}]
+
+

+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_play_module.html b/ansible_collections/containers/podman/docs/podman_play_module.html new file mode 100644 index 000000000..a4413b0b4 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_play_module.html @@ -0,0 +1,424 @@ + + + + + + + + containers.podman.podman_play – Play kubernetes YAML file using podman — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_play – Play kubernetes YAML file using podman¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_play.

+
+ +
+

Synopsis¶

+
    +
  • The module reads in a structured file of Kubernetes YAML. It will then recreate the pod and containers described in the YAML.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ authfile + +
+ path +
+
+ +
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json, which is set using podman login. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login. Note - You can also override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. export REGISTRY_AUTH_FILE=path
+
+
+ cert_dir + +
+ path +
+
+ +
Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. Default certificates directory is /etc/containers/certs.d. (This option is not available with the remote Podman client)
+
+
+ configmap + +
+ list + / elements=path
+
+ +
Use Kubernetes configmap YAML at path to provide a source for environment variable values within the containers of the pod. Note - The configmap option can be used multiple times to pass multiple Kubernetes configmap YAMLs
+
+
+ debug + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable debug for the module.
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Name of executable to run, by default 'podman'
+
+
+ kube_file + +
+ path + / required
+
+ +
Path to file with YAML configuration for a Pod.
+
+
+ log_driver + +
+ string +
+
+ +
Set logging driver for all created containers.
+
+
+ log_level + +
+ string +
+
+
    Choices: +
  • debug
  • +
  • info
  • +
  • warn
  • +
  • error
  • +
  • fatal
  • +
  • panic
  • +
+
+
Set logging level for podman calls. Log messages above specified level ("debug"|"info"|"warn"|"error"|"fatal"|"panic") (default "error")
+
+
+ network + +
+ list + / elements=string
+
+ +
List of the names of CNI networks the pod should join.
+
+
+ password + +
+ string +
+
+ +
The username and password to use to authenticate with the registry if required.
+
+
+ quiet + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Hide image pulls logs from output.
+
+
+ recreate + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
If pod already exists, delete it and run the new one.
+
+
+ seccomp_profile_root + +
+ path +
+
+ +
Directory path for seccomp profiles (default is "/var/lib/kubelet/seccomp"). This option is not available with the remote Podman client
+
+
+ state + +
+ string + / required
+
+
    Choices: +
  • created
  • +
  • started
  • +
  • absent
  • +
+
+
Start the pod after creating it, or to leave it created only.
+
+
+ tls_verify + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Require HTTPS and verify certificates when contacting registries (default is true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.
+
+
+ username + +
+ string +
+
+ +
The username and password to use to authenticate with the registry if required.
+
+
+
+

Examples¶

+
- name: Play kube file
+  containers.podman.podman_play:
+    kube_file: ~/kube.yaml
+    state: started
+
+
+
+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_pod_info_module.html b/ansible_collections/containers/podman/docs/podman_pod_info_module.html new file mode 100644 index 000000000..bca913152 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_pod_info_module.html @@ -0,0 +1,219 @@ + + + + + + + + containers.podman.podman_pod_info – Gather info about podman pods — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_pod_info – Gather info about podman pods¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_pod_info.

+
+
+

New in version 1.0.0: of containers.podman

+
+ +
+

Synopsis¶

+
    +
  • Gather info about podman pods with podman inspect command.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ name + +
+ string +
+
+ +
Name of the pod
+
+
+
+

Examples¶

+
- name: Gather info about all present pods
+  containers.podman.podman_pod_info:
+
+- name: Gather info about specific pods
+  containers.podman.podman_pod_info:
+    name: special_pod
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ pods + +
+ list + / elements=string
+
always +
Facts from all or specified pods
+
+
Sample:
+
[{'Config': {'cgroupParent': '/libpod_parent', 'created': '2020-07-13T20:29:12.572282186+03:00', 'hostname': 'pod1host', 'id': 'd9cb6dbb0....', 'infraConfig': {'infraPortBindings': [{'containerPort': 7111, 'hostIP': '', 'hostPort': 7777, 'protocol': 'tcp'}], 'makeInfraContainer': True}, 'labels': {}, 'lockID': 682, 'name': 'pod1', 'sharesCgroup': True, 'sharesIpc': True, 'sharesNet': True, 'sharesUts': True}, 'Containers': [{'id': 'ad46737bf....', 'state': 'configured'}], 'State': {'cgroupPath': '/libpod_parent/d9cb6dbb0....', 'infraContainerID': 'ad46737bf....', 'status': 'Created'}}]
+
+

+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_pod_module.html b/ansible_collections/containers/podman/docs/podman_pod_module.html new file mode 100644 index 000000000..9fb77f947 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_pod_module.html @@ -0,0 +1,1010 @@ + + + + + + + + containers.podman.podman_pod – Manage Podman pods — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_pod – Manage Podman pods¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_pod.

+
+
+

New in version 1.0.0: of containers.podman

+
+ +
+

Synopsis¶

+
    +
  • Manage podman pods.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • podman

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ add_host + +
+ list + / elements=string
+
+ +
Add a host to the /etc/hosts file shared between all containers in the pod.
+
+
+ cgroup_parent + +
+ string +
+
+ +
Path to cgroups under which the cgroup for the pod will be created. If the path is not absolute, he path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
+
+
+ cpus + +
+ string +
+
+ +
Set the total number of CPUs delegated to the pod. Default is 0.000 which indicates that there is no limit on computation power.
+
+
+ cpuset_cpus + +
+ string +
+
+ +
Limit the CPUs to support execution. First CPU is numbered 0. Unlike `cpus` this is of type string and parsed as a list of numbers. Format is 0-3,0,1
+
+
+ debug + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Return additional information which can be helpful for investigations.
+
+
+ device + +
+ list + / elements=string
+
+ +
Add a host device to the pod. Optional permissions parameter can be used to specify device permissions. It is a combination of r for read, w for write, and m for mknod(2)
+
+
+ device_read_bps + +
+ list + / elements=string
+
+ +
Limit read rate (bytes per second) from a device (e.g. device-read-bps=/dev/sda:1mb)
+
+
+ dns + +
+ list + / elements=string
+
+ +
Set custom DNS servers in the /etc/resolv.conf file that will be shared between all containers in the pod. A special option, "none" is allowed which disables creation of /etc/resolv.conf for the pod.
+
+
+ dns_opt + +
+ list + / elements=string
+
+ +
Set custom DNS options in the /etc/resolv.conf file that will be shared between all containers in the pod.
+
+ + dns_search + +
+ list + / elements=string
+
+ +
Set custom DNS search domains in the /etc/resolv.conf file that will be shared between all containers in the pod.
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ generate_systemd + +
+ dictionary +
+
+ Default:
{}
+
+
Generate systemd unit file for container.
+
+
+ after + +
+ list + / elements=string
+
+ +
Add the systemd unit after (After=) option, that ordering dependencies between the list of dependencies and this service.
+
+
+ container_prefix + +
+ string +
+
+ +
Set the systemd unit name prefix for containers. The default is "container".
+
+
+ names + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Use names of the containers for the start, stop, and description in the unit file. Default is true.
+
+
+ new + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Create containers and pods when the unit is started instead of expecting them to exist. The default is "false". Refer to podman-generate-systemd(1) for more information.
+
+
+ no_header + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Do not generate the header including meta data such as the Podman version and the timestamp. From podman version 3.1.0.
+
+
+ path + +
+ string +
+
+ +
Specify a path to the directory where unit files will be generated. Required for this option. If it doesn't exist, the directory will be created.
+
+
+ pod_prefix + +
+ string +
+
+ +
Set the systemd unit name prefix for pods. The default is "pod".
+
+
+ requires + +
+ list + / elements=string
+
+ +
Set the systemd unit requires (Requires=) option. Similar to wants, but declares a stronger requirement dependency.
+
+
+ restart_policy + +
+ string +
+
+
    Choices: +
  • no
  • +
  • on-success
  • +
  • on-failure
  • +
  • on-abnormal
  • +
  • on-watchdog
  • +
  • on-abort
  • +
  • always
  • +
+
+
Specify a restart policy for the service. The restart-policy must be one of "no", "on-success", "on-failure", "on-abnormal", "on-watchdog", "on-abort", or "always". The default policy is "on-failure".
+
+
+ separator + +
+ string +
+
+ +
Set the systemd unit name separator between the name/id of a container/pod and the prefix. The default is "-" (dash).
+
+
+ time + +
+ integer +
+
+ +
Override the default stop timeout for the container with the given value.
+
+
+ wants + +
+ list + / elements=string
+
+ +
Add the systemd unit wants (Wants=) option, that this service is (weak) dependent on.
+
+
+ gidmap + +
+ list + / elements=string
+
+ +
GID map for the user namespace. Using this flag will run the container with user namespace enabled. It conflicts with the `userns` and `subgidname` flags.
+
+
+ hostname + +
+ string +
+
+ +
Set a hostname to the pod
+
+
+ infra + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Create an infra container and associate it with the pod. An infra container is a lightweight container used to coordinate the shared kernel namespace of a pod. Default is true.
+
+
+ infra_command + +
+ string +
+
+ +
The command that will be run to start the infra container. Default is "/pause".
+
+
+ infra_conmon_pidfile + +
+ string +
+
+ +
Write the pid of the infra container's conmon process to a file. As conmon runs in a separate process than Podman, this is necessary when using systemd to manage Podman containers and pods.
+
+
+ infra_image + +
+ string +
+
+ +
The image that will be created for the infra container. Default is "k8s.gcr.io/pause:3.1".
+
+
+ infra_name + +
+ string +
+
+ +
The name that will be used for the pod's infra container.
+
+
+ ip + +
+ string +
+
+ +
Set a static IP for the pod's shared network.
+
+
+ label + +
+ dictionary +
+
+ +
Add metadata to a pod, pass dictionary of label keys and values.
+
+
+ label_file + +
+ string +
+
+ +
Read in a line delimited file of labels.
+
+
+ mac_address + +
+ string +
+
+ +
Set a static MAC address for the pod's shared network.
+
+
+ name + +
+ string + / required
+
+ +
Assign a name to the pod.
+
+
+ network + +
+ list + / elements=string
+
+ +
Set network mode for the pod. Supported values are bridge (the default), host (do not create a network namespace, all containers in the pod will use the host's network), or a list of names of CNI networks to join.
+
+
+ network_alias + +
+ list + / elements=string
+
+ +
Add a network-scoped alias for the pod, setting the alias for all networks that the pod joins. To set a name only for a specific network, use the alias option as described under the -`network` option. Network aliases work only with the bridge networking mode. This option can be specified multiple times.
+

aliases: network_aliases
+
+
+ no_hosts + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Disable creation of /etc/hosts for the pod.
+
+
+ pid + +
+ string +
+
+ +
Set the PID mode for the pod. The default is to create a private PID namespace for the pod. Requires the PID namespace to be shared via `share` option.
+
+
+ pod_id_file + +
+ string +
+
+ +
Write the pod ID to the file.
+
+
+ publish + +
+ list + / elements=string
+
+ +
Publish a port or range of ports from the pod to the host.
+

aliases: ports
+
+
+ recreate + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use with present and started states to force the re-creation of an existing pod.
+
+
+ share + +
+ string +
+
+ +
A comma delimited list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are ipc, net, pid, user, uts.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • created ←
  • +
  • killed
  • +
  • restarted
  • +
  • absent
  • +
  • started
  • +
  • stopped
  • +
  • paused
  • +
  • unpaused
  • +
+
+
This variable is set for state
+
+
+ subgidname + +
+ string +
+
+ +
Name for GID map from the /etc/subgid file. Using this flag will run the container with user namespace enabled. This flag conflicts with `userns` and `gidmap`.
+
+
+ subuidname + +
+ string +
+
+ +
Name for UID map from the /etc/subuid file. Using this flag will run the container with user namespace enabled. This flag conflicts with `userns` and `uidmap`.
+
+
+ uidmap + +
+ list + / elements=string
+
+ +
Run the container in a new user namespace using the supplied mapping. This option conflicts with the `userns` and `subuidname` options. This option provides a way to map host UIDs to container UIDs. It can be passed several times to map different ranges.
+
+
+ userns + +
+ string +
+
+ +
Set the user namespace mode for all the containers in a pod. It defaults to the PODMAN_USERNS environment variable. An empty value ("") means user namespaces are disabled.
+
+
+ volume + +
+ list + / elements=string
+
+ +
Create a bind mount.
+

aliases: volumes
+
+
+
+

Examples¶

+
# What modules does for example
+- podman_pod:
+    name: pod1
+    state: started
+    ports:
+      - "4444:5555"
+
+# Connect random port from localhost to port 80 on pod2
+- name: Connect random port from localhost to port 80 on pod2
+  containers.podman.podman_pod:
+    name: pod2
+    state: started
+    publish: "127.0.0.1::80"
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ pod + +
+ dictionary +
+
always +
Pod inspection results for the given pod built.
+
+
Sample:
+
{'Config': {'cgroupParent': '/libpod_parent', 'created': '2020-06-14T15:16:12.230818767+03:00', 'hostname': 'newpod', 'id': 'a5a5c6cdf8c72272fc5c33f787e8d7501e2fa0c1e92b2b602860defdafeeec58', 'infraConfig': {'infraPortBindings': None, 'makeInfraContainer': True}, 'labels': {}, 'lockID': 515, 'name': 'newpod', 'sharesCgroup': True, 'sharesIpc': True, 'sharesNet': True, 'sharesUts': True}, 'Containers': [{'id': 'dc70a947c7ae15198ec38b3c817587584085dee3919cbeb9969e3ab77ba10fd2', 'state': 'configured'}], 'State': {'cgroupPath': '/libpod_parent/a5a5c6cdf8c72272fc5c33f787e8d7501e2fa0c1e92b2b602860defdafeeec58', 'infraContainerID': 'dc70a947c7ae15198ec38b3c817587584085dee3919cbeb9969e3ab77ba10fd2', 'status': 'Created'}}
+
+

+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_save_module.html b/ansible_collections/containers/podman/docs/podman_save_module.html new file mode 100644 index 000000000..cb7002f3c --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_save_module.html @@ -0,0 +1,280 @@ + + + + + + + + containers.podman.podman_save – Saves podman image to tar file — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_save – Saves podman image to tar file¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_save.

+
+ +
+

Synopsis¶

+
    +
  • podman save saves an image to either docker-archive, oci-archive, oci-dir (directory with oci manifest type), or docker-dir (directory with v2s2 manifest type) on the local machine, default is docker-archive.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ compress + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type, compressed or uncompressed, as source)
+
+
+ dest + +
+ string + / required
+
+ +
Destination file to write image to.
+

aliases: path
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ force + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Force saving to file even if it exists.
+
+
+ format + +
+ string +
+
+
    Choices: +
  • docker-archive
  • +
  • oci-archive
  • +
  • oci-dir
  • +
  • docker-dir
  • +
+
+
Save image to docker-archive, oci-archive (see containers-transports(5)), oci-dir (oci transport), or docker-dir (dir transport with v2s2 manifest type).
+
+
+ image + +
+ string + / required
+
+ +
Image to save.
+
+
+ multi_image_archive + +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Allow for creating archives with more than one image. Additional names will be interpreted as images instead of tags. Only supported for docker-archive.
+
+
+
+

Examples¶

+
# What modules does for example
+- containers.podman.podman_save:
+    dest: /path/to/tar/file
+    compress: true
+    format: oci-dir
+
+
+
+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_secret_module.html b/ansible_collections/containers/podman/docs/podman_secret_module.html new file mode 100644 index 000000000..e6463dc31 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_secret_module.html @@ -0,0 +1,310 @@ + + + + + + + + containers.podman.podman_secret – Manage podman secrets — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_secret – Manage podman secrets¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_secret.

+
+
+

New in version 1.7.0: of containers.podman

+
+ +
+

Synopsis¶

+
    +
  • Manage podman secrets

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • podman

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ data + +
+ string +
+
+ +
The value of the secret. Required when state is present.
+
+
+ driver + +
+ string +
+
+ +
Override default secrets driver, currently podman uses file which is unencrypted.
+
+
+ driver_opts + +
+ dictionary +
+
+ +
Driver-specific key-value options.
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ force + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use it when state is present to remove and recreate an existing secret.
+
+
+ name + +
+ string + / required
+
+ +
The name of the secret.
+
+
+ skip_existing + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Use it when state is present and secret with the same name already exists. If set to true, the secret will NOT be recreated and remains as is.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • absent
  • +
  • present ←
  • +
+
+
Whether to create or remove the named secret.
+
+
+
+

Examples¶

+
- name: Create secret
+  containers.podman.podman_secret:
+    state: present
+    name: mysecret
+    data: "my super secret content"
+
+- name: Create container that uses the secret
+  containers.podman.podman_container:
+    name: showmysecret
+    image: docker.io/alpine:3.14
+    secrets:
+      - mysecret
+    detach: false
+    command: cat /run/secrets/mysecret
+    register: container
+
+- name: Output secret data
+  debug:
+    msg: '{{ container.stdout }}'
+
+- name: Remove secret
+  containers.podman.podman_secret:
+    state: absent
+    name: mysecret
+
+
+
+

Authors¶

+
    +
  • Aliaksandr Mianzhynski (@amenzhinsky)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_tag_module.html b/ansible_collections/containers/podman/docs/podman_tag_module.html new file mode 100644 index 000000000..24e3817ee --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_tag_module.html @@ -0,0 +1,202 @@ + + + + + + + + containers.podman.podman_tag – Add an additional name to a local image — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_tag – Add an additional name to a local image¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_tag.

+
+ +
+

Synopsis¶

+
    +
  • podman tag adds one or more additional names to locally-stored image.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ image + +
+ string + / required
+
+ +
Image to tag.
+
+
+ target_names + +
+ list + / elements=string / required
+
+ +
Additional names.
+
+
+
+

Examples¶

+
# What modules does for example
+- containers.podman.podman_tag:
+    image: docker.io/continuumio/miniconda3
+    target_names:
+      - miniconda3
+      - miniconda
+
+
+
+

Authors¶

+
    +
  • Christian Bourque (@ocafebabe)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_unshare_become.html b/ansible_collections/containers/podman/docs/podman_unshare_become.html new file mode 100644 index 000000000..115cc7293 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_unshare_become.html @@ -0,0 +1,311 @@ + + + + + + + + containers.podman.podman_unshare – Run tasks using podman unshare — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_unshare – Run tasks using podman unshare¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_unshare.

+
+
+

New in version 1.9.0: of containers.podman

+
+ +
+

Synopsis¶

+ +
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsConfigurationComments
+
+ become_exe + +
+ string +
+
+ Default:
"sudo"
+
+
ini entries: +

+ [privilege_escalation]
become_exe = sudo +

+

+ [sudo_become_plugin]
executable = sudo +

+
+
+ env:ANSIBLE_BECOME_EXE +
+
+ env:ANSIBLE_SUDO_EXE +
+
+ var: ansible_become_exe +
+
+ var: ansible_sudo_exe +
+
+
Sudo executable
+
+
+ become_pass + +
+ string +
+
+ +
ini entries: +

+ [sudo_become_plugin]
password = None +

+
+
+ env:ANSIBLE_BECOME_PASS +
+
+ env:ANSIBLE_SUDO_PASS +
+
+ var: ansible_become_password +
+
+ var: ansible_become_pass +
+
+ var: ansible_sudo_pass +
+
+
Password to pass to sudo
+
+
+ become_user + +
+ string +
+
+ Default:
"root"
+
+
ini entries: +

+ [privilege_escalation]
become_user = root +

+

+ [sudo_become_plugin]
user = root +

+
+
+ env:ANSIBLE_BECOME_USER +
+
+ env:ANSIBLE_SUDO_USER +
+
+ var: ansible_become_user +
+
+ var: ansible_sudo_user +
+
+
User you 'become' to execute the task
+
+
+
+

Examples¶

+
- name: checking uid of file 'foo'
+  ansible.builtin.stat:
+    path: "{{ test_dir }}/foo"
+  register: foo
+- ansible.builtin.debug:
+    var: foo.stat.uid
+# The output shows that it's owned by the login user
+# ok: [test_host] => {
+#     "foo.stat.uid": "1003"
+# }
+
+- name: mounting the file to an unprivileged container and modifying its owner
+  containers.podman.podman_container:
+    name: chmod_foo
+    image: alpine
+    rm: yes
+    volume:
+    - "{{ test_dir }}:/opt/test:z"
+    command: chown 1000 /opt/test/foo
+
+# Now the file 'foo' is owned by the container uid 1000,
+# which is mapped to something completaly different on the host.
+# It creates a situation when the file is unaccessible to the host user (uid 1003)
+# Running stat again, debug output will be like this:
+# ok: [test_host] => {
+#     "foo.stat.uid": "328679"
+# }
+
+- name: running stat in modified user namespace
+  become_method: containers.podman.podman_unshare
+  become: yes
+  ansible.builtin.stat:
+    path: "{{ test_dir }}/foo"
+  register: foo
+# By gathering file stats with podman_ushare
+# we can see the uid set in the container:
+# ok: [test_host] => {
+#     "foo.stat.uid": "1000"
+# }
+
+- name: resetting file ownership with podman unshare
+  become_method: containers.podman.podman_unshare
+  become: yes
+  ansible.builtin.file:
+    state: file
+    path: "{{ test_dir }}/foo"
+    owner: 0  # in a modified user namespace host uid is mapped to 0
+# If we run stat and debug with 'become: no',
+# we can see that the file is ours again:
+# ok: [test_host] => {
+#     "foo.stat.uid": "1003"
+# }
+
+
+
+

Authors¶

+
    +
  • Janos Gerzson (@grzs)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_volume_info_module.html b/ansible_collections/containers/podman/docs/podman_volume_info_module.html new file mode 100644 index 000000000..0b045908f --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_volume_info_module.html @@ -0,0 +1,216 @@ + + + + + + + + containers.podman.podman_volume_info – Gather info about podman volumes — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_volume_info – Gather info about podman volumes¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_volume_info.

+
+ +
+

Synopsis¶

+
    +
  • Gather info about podman volumes with podman inspect command.

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • Podman installed on host

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ name + +
+ string +
+
+ +
Name of the volume
+
+
+
+

Examples¶

+
- name: Gather info about all present volumes
+  podman_volume_info:
+
+- name: Gather info about specific volume
+  podman_volume_info:
+    name: specific_volume
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ volumes + +
+ list + / elements=string
+
always +
Facts from all or specified volumes
+
+
Sample:
+
[{'driver': 'local', 'labels': {}, 'mountPoint': '/home/ansible/.local/share/testvolume/_data', 'name': 'testvolume', 'options': {}, 'scope': 'local'}]
+
+

+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/podman_volume_module.html b/ansible_collections/containers/podman/docs/podman_volume_module.html new file mode 100644 index 000000000..ef6400aa0 --- /dev/null +++ b/ansible_collections/containers/podman/docs/podman_volume_module.html @@ -0,0 +1,325 @@ + + + + + + + + containers.podman.podman_volume – Manage Podman volumes — Python documentation + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +
+

containers.podman.podman_volume – Manage Podman volumes¶

+
+

Note

+

This plugin is part of the containers.podman collection (version 1.10.1).

+

To install it use: ansible-galaxy collection install containers.podman.

+

To use it in a playbook, specify: containers.podman.podman_volume.

+
+
+

New in version 1.1.0: of containers.podman

+
+ +
+

Synopsis¶

+
    +
  • Manage Podman volumes

  • +
+
+
+

Requirements¶

+

The below requirements are needed on the host that executes this module.

+
    +
  • podman

  • +
+
+
+

Parameters¶

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ debug + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Return additional information which can be helpful for investigations.
+
+
+ driver + +
+ string +
+
+ +
Specify volume driver name (default local).
+
+
+ executable + +
+ string +
+
+ Default:
"podman"
+
+
Path to podman executable if it is not in the $PATH on the machine running podman
+
+
+ label + +
+ dictionary +
+
+ +
Add metadata to a pod volume (e.g., label com.example.key=value).
+
+
+ name + +
+ string + / required
+
+ +
Name of volume.
+
+
+ options + +
+ list + / elements=string
+
+ +
Set driver specific options. For example 'device=tpmfs', 'type=tmpfs'. UID and GID idempotency is not supported due to changes in podman.
+
+
+ recreate + +
+ boolean +
+
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Recreate volume even if exists.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
State of volume, default 'present'
+
+
+
+

Examples¶

+
# What modules does for example
+- podman_volume:
+    state: present
+    name: volume1
+    label:
+      key: value
+      key2: value2
+    options:
+      - "device=/dev/loop1"
+      - "type=ext4"
+
+
+
+
+

Return Values¶

+

Common return values are documented here, the following are the fields unique to this module:

+ + + + + + + + + + + +
KeyReturnedDescription
+
+ volume + +
+ dictionary +
+
always +
Volume inspection results if exists.
+
+
Sample:
+
{'CreatedAt': '2020-06-05T16:38:55.277628769+03:00', 'Driver': 'local', 'Labels': {'key.com': 'value', 'key.org': 'value2'}, 'Mountpoint': '/home/user/.local/share/containers/storage/volumes/test/_data', 'Name': 'test', 'Options': {}, 'Scope': 'local'}
+
+

+

Authors¶

+
    +
  • Sagi Shnaidman (@sshnaidm)

  • +
+
+
+
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/docs/search.html b/ansible_collections/containers/podman/docs/search.html new file mode 100644 index 000000000..3057e9a7f --- /dev/null +++ b/ansible_collections/containers/podman/docs/search.html @@ -0,0 +1,121 @@ + + + + + + + + Search — Python documentation + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+ +

Search

+ + + + +

+ Searching for multiple words only shows matches that contain + all words. +

+ + +
+ + + +
+ + + +
+ +
+ + +
+ +
+
+ +
+
+ + + + + + + \ No newline at end of file diff --git a/ansible_collections/containers/podman/galaxy.yml.in b/ansible_collections/containers/podman/galaxy.yml.in new file mode 100644 index 000000000..9c40e3f41 --- /dev/null +++ b/ansible_collections/containers/podman/galaxy.yml.in @@ -0,0 +1,30 @@ +namespace: containers +name: podman +# version: +readme: README.md +authors: + - Sagi Shnaidman + - Ansible team +description: Podman container Ansible modules +license: GPL-3.0-or-later +tags: + - containers + - podman + - libpod +dependencies: {} +repository: https://github.com/containers/ansible-podman-collections.git +documentation: https://github.com/containers/ansible-podman-collections +homepage: https://github.com/containers/ansible-podman-collections +issues: https://github.com/containers/ansible-podman-collections/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc +build_ignore: + - ci + - tests/output + - build_artifact + - "*.tar.gz" + - ".gitignore" + - ".history" + - ".vscode" + - ".idea" + - ".github" + - contrib + - importer_result.json diff --git a/ansible_collections/containers/podman/meta/runtime.yml b/ansible_collections/containers/podman/meta/runtime.yml new file mode 100644 index 000000000..9c1d2462a --- /dev/null +++ b/ansible_collections/containers/podman/meta/runtime.yml @@ -0,0 +1,2 @@ +--- +requires_ansible: ">=2.8" diff --git a/ansible_collections/containers/podman/plugins/become/podman_unshare.py b/ansible_collections/containers/podman/plugins/become/podman_unshare.py new file mode 100644 index 000000000..6453f2397 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/become/podman_unshare.py @@ -0,0 +1,144 @@ +# -*- coding: utf-8 -*- +# Copyright (c) 2022 Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# Written by Janos Gerzson (grzs@backendo.com) +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = """ + name: podman_unshare + short_description: Run tasks using podman unshare + description: + - "This become plugins allows your remote/login user + to execute commands in its container user namespace. + Official documentation: https://docs.podman.io/en/latest/markdown/podman-unshare.1.html" + author: + - Janos Gerzson (@grzs) + version_added: 1.9.0 + options: + become_user: + description: User you 'become' to execute the task ('root' is not a valid value here). + ini: + - section: privilege_escalation + key: become_user + - section: sudo_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_sudo_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_SUDO_USER + become_exe: + description: Sudo executable + default: sudo + ini: + - section: privilege_escalation + key: become_exe + - section: sudo_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_sudo_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_SUDO_EXE + become_pass: + description: Password to pass to sudo + required: False + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_sudo_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_SUDO_PASS + ini: + - section: sudo_become_plugin + key: password +""" + +EXAMPLES = """ +- name: checking uid of file 'foo' + ansible.builtin.stat: + path: "{{ test_dir }}/foo" + register: foo +- ansible.builtin.debug: + var: foo.stat.uid +# The output shows that it's owned by the login user +# ok: [test_host] => { +# "foo.stat.uid": "1003" +# } + +- name: mounting the file to an unprivileged container and modifying its owner + containers.podman.podman_container: + name: chmod_foo + image: alpine + rm: true + volume: + - "{{ test_dir }}:/opt/test:z" + command: chown 1000 /opt/test/foo + +# Now the file 'foo' is owned by the container uid 1000, +# which is mapped to something completaly different on the host. +# It creates a situation when the file is unaccessible to the host user (uid 1003) +# Running stat again, debug output will be like this: +# ok: [test_host] => { +# "foo.stat.uid": "328679" +# } + +- name: running stat in modified user namespace + become_method: containers.podman.podman_unshare + become: true + ansible.builtin.stat: + path: "{{ test_dir }}/foo" + register: foo +# By gathering file stats with podman_ushare +# we can see the uid set in the container: +# ok: [test_host] => { +# "foo.stat.uid": "1000" +# } + +- name: resetting file ownership with podman unshare + become_method: containers.podman.podman_unshare + become: true + ansible.builtin.file: + state: file + path: "{{ test_dir }}/foo" + owner: 0 # in a modified user namespace host uid is mapped to 0 +# If we run stat and debug with 'become: false', +# we can see that the file is ours again: +# ok: [test_host] => { +# "foo.stat.uid": "1003" +# } +""" + + +from ansible.plugins.become import BecomeBase + + +class BecomeModule(BecomeBase): + + name = 'containers.podman.podman_unshare' + + def build_become_command(self, cmd, shell): + super(BecomeModule, self).build_become_command(cmd, shell) + + if not cmd: + return cmd + + becomecmd = 'podman unshare' + + user = self.get_option('become_user') or 'root' + if user != 'root': + cmdlist = [self.get_option('become_exe') or 'sudo'] + # -i is required, because + # podman unshare should be executed in a login shell to avoid chdir permission errors + cmdlist.append('-iu %s' % user) + if self.get_option('become_pass'): + self.prompt = '[sudo podman unshare via ansible, key=%s] password:' % self._id + cmdlist.append('-p "%s"' % self.prompt) + cmdlist.append('-- %s' % becomecmd) + becomecmd = ' '.join(cmdlist) + + return ' '.join([becomecmd, self._build_success_command(cmd, shell)]) diff --git a/ansible_collections/containers/podman/plugins/connection/__init__.py b/ansible_collections/containers/podman/plugins/connection/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ansible_collections/containers/podman/plugins/connection/buildah.py b/ansible_collections/containers/podman/plugins/connection/buildah.py new file mode 100644 index 000000000..69fc63c47 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/connection/buildah.py @@ -0,0 +1,203 @@ +# Based on the docker connection plugin +# Copyright (c) 2017 Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# Connection plugin for building container images using buildah tool +# https://github.com/projectatomic/buildah +# +# Written by: Tomas Tomecek (https://github.com/TomasTomecek) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +DOCUMENTATION = ''' + short_description: Interact with an existing buildah container + description: + - Run commands or put/fetch files to an existing container using buildah tool. + author: Tomas Tomecek (@TomasTomecek) + name: buildah + options: + remote_addr: + description: + - The ID of the container you want to access. + default: inventory_hostname + vars: + - name: ansible_host + - name: inventory_hostname +# keyword: +# - name: hosts + remote_user: + description: + - User specified via name or ID which is used to execute commands inside the container. + ini: + - section: defaults + key: remote_user + env: + - name: ANSIBLE_REMOTE_USER + vars: + - name: ansible_user +# keyword: +# - name: remote_user +''' + +import os +import shlex +import shutil +import subprocess + +from ansible.errors import AnsibleError +from ansible.module_utils._text import to_bytes, to_native, to_text +from ansible.plugins.connection import ConnectionBase, ensure_connect +from ansible.utils.display import Display + +display = Display() + + +# this _has to be_ named Connection +class Connection(ConnectionBase): + """ + This is a connection plugin for buildah: it uses buildah binary to interact with the containers + """ + + # String used to identify this Connection class from other classes + transport = 'containers.podman.buildah' + has_pipelining = True + + def __init__(self, play_context, new_stdin, *args, **kwargs): + super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs) + + self._container_id = self._play_context.remote_addr + self._connected = False + # container filesystem will be mounted here on host + self._mount_point = None + # `buildah inspect` doesn't contain info about what the default user is -- if it's not + # set, it's empty + self.user = self._play_context.remote_user + display.vvvv("Using buildah connection from collection") + + def _set_user(self): + self._buildah(b"config", [b"--user=" + to_bytes(self.user, errors='surrogate_or_strict')]) + + def _buildah(self, cmd, cmd_args=None, in_data=None, outfile_stdout=None): + """ + run buildah executable + + :param cmd: buildah's command to execute (str) + :param cmd_args: list of arguments to pass to the command (list of str/bytes) + :param in_data: data passed to buildah's stdin + :param outfile_stdout: file for writing STDOUT to + :return: return code, stdout, stderr + """ + buildah_exec = 'buildah' + local_cmd = [buildah_exec] + + if isinstance(cmd, str): + local_cmd.append(cmd) + else: + local_cmd.extend(cmd) + if self.user and self.user != 'root': + if cmd == 'run': + local_cmd.extend(("--user", self.user)) + elif cmd == 'copy': + local_cmd.extend(("--chown", self.user)) + local_cmd.append(self._container_id) + + if cmd_args: + if isinstance(cmd_args, str): + local_cmd.append(cmd_args) + else: + local_cmd.extend(cmd_args) + + local_cmd = [to_bytes(i, errors='surrogate_or_strict') + for i in local_cmd] + + display.vvv("RUN %s" % (local_cmd,), host=self._container_id) + if outfile_stdout: + stdout_fd = open(outfile_stdout, "wb") + else: + stdout_fd = subprocess.PIPE + p = subprocess.Popen(local_cmd, shell=False, stdin=subprocess.PIPE, + stdout=stdout_fd, stderr=subprocess.PIPE) + + stdout, stderr = p.communicate(input=in_data) + display.vvvv("STDOUT %s" % to_text(stdout)) + display.vvvv("STDERR %s" % to_text(stderr)) + display.vvvv("RC CODE %s" % p.returncode) + stdout = to_bytes(stdout, errors='surrogate_or_strict') + stderr = to_bytes(stderr, errors='surrogate_or_strict') + return p.returncode, stdout, stderr + + def _connect(self): + """ + no persistent connection is being maintained, mount container's filesystem + so we can easily access it + """ + super(Connection, self)._connect() + rc, self._mount_point, stderr = self._buildah("mount") + if rc != 0: + display.v("Failed to mount container %s: %s" % (self._container_id, stderr.strip())) + else: + self._mount_point = self._mount_point.strip() + to_bytes(os.path.sep, errors='surrogate_or_strict') + display.vvvv("MOUNTPOINT %s RC %s STDERR %r" % (self._mount_point, rc, stderr)) + self._connected = True + + @ensure_connect + def exec_command(self, cmd, in_data=None, sudoable=False): + """ run specified command in a running OCI container using buildah """ + super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable) + + # shlex.split has a bug with text strings on Python-2.6 and can only handle text strings on Python-3 + cmd_args_list = shlex.split(to_native(cmd, errors='surrogate_or_strict')) + + rc, stdout, stderr = self._buildah("run", cmd_args_list, in_data) + + display.vvvv("STDOUT %r\nSTDERR %r" % (stderr, stderr)) + return rc, stdout, stderr + + def put_file(self, in_path, out_path): + """ Place a local file located in 'in_path' inside container at 'out_path' """ + super(Connection, self).put_file(in_path, out_path) + display.vvv("PUT %s TO %s" % (in_path, out_path), host=self._container_id) + if not self._mount_point or self.user: + rc, stdout, stderr = self._buildah( + "copy", [in_path, out_path]) + if rc != 0: + raise AnsibleError( + "Failed to copy file from %s to %s in container %s\n%s" % ( + in_path, out_path, self._container_id, stderr) + ) + else: + real_out_path = self._mount_point + to_bytes(out_path, errors='surrogate_or_strict') + shutil.copyfile( + to_bytes(in_path, errors='surrogate_or_strict'), + to_bytes(real_out_path, errors='surrogate_or_strict') + ) + + def fetch_file(self, in_path, out_path): + """ obtain file specified via 'in_path' from the container and place it at 'out_path' """ + super(Connection, self).fetch_file(in_path, out_path) + display.vvv("FETCH %s TO %s" % + (in_path, out_path), host=self._container_id) + if not self._mount_point: + rc, stdout, stderr = self._buildah( + "run", + ["cat", to_bytes(in_path, errors='surrogate_or_strict')], + outfile_stdout=out_path) + if rc != 0: + raise AnsibleError("Failed to fetch file from %s to %s from container %s\n%s" % ( + in_path, out_path, self._container_id, stderr)) + else: + real_in_path = self._mount_point + \ + to_bytes(in_path, errors='surrogate_or_strict') + shutil.copyfile( + to_bytes(real_in_path, errors='surrogate_or_strict'), + to_bytes(out_path, errors='surrogate_or_strict') + ) + + def close(self): + """ unmount container's filesystem """ + super(Connection, self).close() + rc, stdout, stderr = self._buildah("umount") + display.vvvv("RC %s STDOUT %r STDERR %r" % (rc, stdout, stderr)) + self._connected = False diff --git a/ansible_collections/containers/podman/plugins/connection/podman.py b/ansible_collections/containers/podman/plugins/connection/podman.py new file mode 100644 index 000000000..2ade9180d --- /dev/null +++ b/ansible_collections/containers/podman/plugins/connection/podman.py @@ -0,0 +1,231 @@ +# Based on the buildah connection plugin +# Copyright (c) 2018 Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# Connection plugin to interact with existing podman containers. +# https://github.com/containers/libpod +# +# Written by: Tomas Tomecek (https://github.com/TomasTomecek) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' + author: Tomas Tomecek (@TomasTomecek) + name: podman + short_description: Interact with an existing podman container + description: + - Run commands or put/fetch files to an existing container using podman tool. + options: + remote_addr: + description: + - The ID of the container you want to access. + default: inventory_hostname + vars: + - name: ansible_host + - name: inventory_hostname + - name: ansible_podman_host + remote_user: + description: + - User specified via name or UID which is used to execute commands inside the container. If you + specify the user via UID, you must set C(ANSIBLE_REMOTE_TMP) to a path that exits + inside the container and is writable by Ansible. + ini: + - section: defaults + key: remote_user + env: + - name: ANSIBLE_REMOTE_USER + vars: + - name: ansible_user + podman_extra_args: + description: + - Extra arguments to pass to the podman command line. + default: '' + ini: + - section: defaults + key: podman_extra_args + vars: + - name: ansible_podman_extra_args + env: + - name: ANSIBLE_PODMAN_EXTRA_ARGS + podman_executable: + description: + - Executable for podman command. + default: podman + vars: + - name: ansible_podman_executable + env: + - name: ANSIBLE_PODMAN_EXECUTABLE +''' + +import os +import shlex +import shutil +import subprocess + +from ansible.module_utils.common.process import get_bin_path +from ansible.errors import AnsibleError +from ansible.module_utils._text import to_bytes, to_native +from ansible.plugins.connection import ConnectionBase, ensure_connect +from ansible.utils.display import Display + +display = Display() + + +# this _has to be_ named Connection +class Connection(ConnectionBase): + """ + This is a connection plugin for podman. It uses podman binary to interact with the containers + """ + + # String used to identify this Connection class from other classes + transport = 'containers.podman.podman' + # We know that pipelining does not work with podman. Do not enable it, or + # users will start containers and fail to connect to them. + has_pipelining = False + + def __init__(self, play_context, new_stdin, *args, **kwargs): + super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs) + + self._container_id = self._play_context.remote_addr + self._connected = False + # container filesystem will be mounted here on host + self._mount_point = None + self.user = self._play_context.remote_user + display.vvvv("Using podman connection from collection") + + def _podman(self, cmd, cmd_args=None, in_data=None, use_container_id=True): + """ + run podman executable + + :param cmd: podman's command to execute (str or list) + :param cmd_args: list of arguments to pass to the command (list of str/bytes) + :param in_data: data passed to podman's stdin + :param use_container_id: whether to append the container ID to the command + :return: return code, stdout, stderr + """ + podman_exec = self.get_option('podman_executable') + try: + podman_cmd = get_bin_path(podman_exec) + except ValueError: + raise AnsibleError("%s command not found in PATH" % podman_exec) + if not podman_cmd: + raise AnsibleError("%s command not found in PATH" % podman_exec) + local_cmd = [podman_cmd] + if self.get_option('podman_extra_args'): + local_cmd += shlex.split( + to_native( + self.get_option('podman_extra_args'), + errors='surrogate_or_strict')) + if isinstance(cmd, str): + local_cmd.append(cmd) + else: + local_cmd.extend(cmd) + + if use_container_id: + local_cmd.append(self._container_id) + if cmd_args: + local_cmd += cmd_args + local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd] + + display.vvv("RUN %s" % (local_cmd,), host=self._container_id) + p = subprocess.Popen(local_cmd, shell=False, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + stdout, stderr = p.communicate(input=in_data) + display.vvvvv("STDOUT %s" % stdout) + display.vvvvv("STDERR %s" % stderr) + display.vvvvv("RC CODE %s" % p.returncode) + stdout = to_bytes(stdout, errors='surrogate_or_strict') + stderr = to_bytes(stderr, errors='surrogate_or_strict') + return p.returncode, stdout, stderr + + def _connect(self): + """ + no persistent connection is being maintained, mount container's filesystem + so we can easily access it + """ + super(Connection, self)._connect() + rc, self._mount_point, stderr = self._podman("mount") + if rc != 0: + display.vvvv("Failed to mount container %s: %s" % (self._container_id, stderr.strip())) + elif not os.listdir(self._mount_point.strip()): + display.vvvv("Failed to mount container with CGroups2: empty dir %s" % self._mount_point.strip()) + self._mount_point = None + else: + self._mount_point = self._mount_point.strip() + display.vvvvv("MOUNTPOINT %s RC %s STDERR %r" % (self._mount_point, rc, stderr)) + self._connected = True + + @ensure_connect + def exec_command(self, cmd, in_data=None, sudoable=False): + """ run specified command in a running OCI container using podman """ + super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable) + + # shlex.split has a bug with text strings on Python-2.6 and can only handle text strings on Python-3 + cmd_args_list = shlex.split(to_native(cmd, errors='surrogate_or_strict')) + exec_args_list = ["exec"] + if self.user: + exec_args_list.extend(("--user", self.user)) + + rc, stdout, stderr = self._podman(exec_args_list, cmd_args_list, in_data) + + display.vvvvv("STDOUT %r STDERR %r" % (stderr, stderr)) + return rc, stdout, stderr + + def put_file(self, in_path, out_path): + """ Place a local file located in 'in_path' inside container at 'out_path' """ + super(Connection, self).put_file(in_path, out_path) + display.vvv("PUT %s TO %s" % (in_path, out_path), host=self._container_id) + if not self._mount_point or self.user: + rc, stdout, stderr = self._podman( + "cp", [in_path, self._container_id + ":" + out_path], use_container_id=False + ) + if rc != 0: + rc, stdout, stderr = self._podman( + "cp", ["--pause=false", in_path, self._container_id + ":" + out_path], use_container_id=False + ) + if rc != 0: + raise AnsibleError( + "Failed to copy file from %s to %s in container %s\n%s" % ( + in_path, out_path, self._container_id, stderr) + ) + if self.user: + rc, stdout, stderr = self._podman( + "exec", ["chown", self.user, out_path]) + if rc != 0: + raise AnsibleError( + "Failed to chown file %s for user %s in container %s\n%s" % ( + out_path, self.user, self._container_id, stderr) + ) + else: + real_out_path = self._mount_point + to_bytes(out_path, errors='surrogate_or_strict') + shutil.copyfile( + to_bytes(in_path, errors='surrogate_or_strict'), + to_bytes(real_out_path, errors='surrogate_or_strict') + ) + + def fetch_file(self, in_path, out_path): + """ obtain file specified via 'in_path' from the container and place it at 'out_path' """ + super(Connection, self).fetch_file(in_path, out_path) + display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self._container_id) + if not self._mount_point: + rc, stdout, stderr = self._podman( + "cp", [self._container_id + ":" + in_path, out_path], use_container_id=False) + if rc != 0: + raise AnsibleError("Failed to fetch file from %s to %s from container %s\n%s" % ( + in_path, out_path, self._container_id, stderr)) + else: + real_in_path = self._mount_point + to_bytes(in_path, errors='surrogate_or_strict') + shutil.copyfile( + to_bytes(real_in_path, errors='surrogate_or_strict'), + to_bytes(out_path, errors='surrogate_or_strict') + ) + + def close(self): + """ unmount container's filesystem """ + super(Connection, self).close() + # we actually don't need to unmount since the container is mounted anyway + # rc, stdout, stderr = self._podman("umount") + # display.vvvvv("RC %s STDOUT %r STDERR %r" % (rc, stdout, stderr)) + self._connected = False diff --git a/ansible_collections/containers/podman/plugins/module_utils/__init__.py b/ansible_collections/containers/podman/plugins/module_utils/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ansible_collections/containers/podman/plugins/module_utils/podman/__init__.py b/ansible_collections/containers/podman/plugins/module_utils/podman/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ansible_collections/containers/podman/plugins/module_utils/podman/common.py b/ansible_collections/containers/podman/plugins/module_utils/podman/common.py new file mode 100644 index 000000000..dba3aff65 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/module_utils/podman/common.py @@ -0,0 +1,232 @@ +# Copyright (c) 2020 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import json +import os +import shutil + +from ansible.module_utils.six import raise_from +try: + from ansible.module_utils.compat.version import LooseVersion # noqa: F401 +except ImportError: + try: + from distutils.version import LooseVersion # noqa: F401 + except ImportError as exc: + raise_from(ImportError('To use this plugin or module with ansible-core' + ' < 2.11, you need to use Python < 3.12 with ' + 'distutils.version present'), exc) + + +def run_podman_command(module, executable='podman', args=None, expected_rc=0, ignore_errors=False): + if not isinstance(executable, list): + command = [executable] + if args is not None: + command.extend(args) + rc, out, err = module.run_command(command) + if not ignore_errors and rc != expected_rc: + module.fail_json( + msg='Failed to run {command} {args}: {err}'.format( + command=command, args=args, err=err)) + return rc, out, err + + +def run_generate_systemd_command(module, module_params, name, version): + """Generate systemd unit file.""" + command = [module_params['executable'], 'generate', 'systemd', + name, '--format', 'json'] + sysconf = module_params['generate_systemd'] + gt4ver = LooseVersion(version) >= LooseVersion('4.0.0') + if sysconf.get('restart_policy'): + if sysconf.get('restart_policy') not in [ + "no", "on-success", "on-failure", "on-abnormal", "on-watchdog", + "on-abort", "always"]: + module.fail_json( + 'Restart policy for systemd unit file is "%s" and must be one of: ' + '"no", "on-success", "on-failure", "on-abnormal", "on-watchdog", "on-abort", or "always"' % + sysconf.get('restart_policy')) + command.extend([ + '--restart-policy', + sysconf['restart_policy']]) + if sysconf.get('time'): + command.extend(['--time', str(sysconf['time'])]) + if sysconf.get('no_header'): + command.extend(['--no-header']) + if sysconf.get('names', True): + command.extend(['--name']) + if sysconf.get("new"): + command.extend(["--new"]) + if sysconf.get('container_prefix') is not None: + command.extend(['--container-prefix=%s' % sysconf['container_prefix']]) + if sysconf.get('pod_prefix') is not None: + command.extend(['--pod-prefix=%s' % sysconf['pod_prefix']]) + if sysconf.get('separator') is not None: + command.extend(['--separator=%s' % sysconf['separator']]) + if sysconf.get('after') is not None: + + sys_after = sysconf['after'] + if isinstance(sys_after, str): + sys_after = [sys_after] + for after in sys_after: + command.extend(['--after=%s' % after]) + if sysconf.get('wants') is not None: + sys_wants = sysconf['wants'] + if isinstance(sys_wants, str): + sys_wants = [sys_wants] + for want in sys_wants: + command.extend(['--wants=%s' % want]) + if sysconf.get('requires') is not None: + sys_req = sysconf['requires'] + if isinstance(sys_req, str): + sys_req = [sys_req] + for require in sys_req: + command.extend(['--requires=%s' % require]) + for param in ['after', 'wants', 'requires']: + if sysconf.get(param) is not None and not gt4ver: + module.fail_json(msg="Systemd parameter '%s' is supported from " + "podman version 4 only! Current version is %s" % ( + param, version)) + + if module.params['debug'] or module_params['debug']: + module.log("PODMAN-CONTAINER-DEBUG: systemd command: %s" % + " ".join(command)) + rc, systemd, err = module.run_command(command) + return rc, systemd, err + + +def generate_systemd(module, module_params, name, version): + empty = {} + sysconf = module_params['generate_systemd'] + rc, systemd, err = run_generate_systemd_command(module, module_params, name, version) + if rc != 0: + module.log( + "PODMAN-CONTAINER-DEBUG: Error generating systemd: %s" % err) + return empty + else: + try: + data = json.loads(systemd) + if sysconf.get('path'): + full_path = os.path.expanduser(sysconf['path']) + if not os.path.exists(full_path): + os.makedirs(full_path) + if not os.path.isdir(full_path): + module.fail_json("Path %s is not a directory! " + "Can not save systemd unit files there!" + % full_path) + for file_name, file_content in data.items(): + file_name += ".service" + with open(os.path.join(full_path, file_name), 'w') as f: + f.write(file_content) + return data + except Exception as e: + module.log( + "PODMAN-CONTAINER-DEBUG: Error writing systemd: %s" % e) + return empty + + +def delete_systemd(module, module_params, name, version): + sysconf = module_params['generate_systemd'] + if not sysconf.get('path'): + # We don't know where systemd files are located, nothing to delete + module.log( + "PODMAN-CONTAINER-DEBUG: Not deleting systemd file - no path!") + return + rc, systemd, err = run_generate_systemd_command(module, module_params, name, version) + if rc != 0: + module.log( + "PODMAN-CONTAINER-DEBUG: Error generating systemd: %s" % err) + return + else: + try: + data = json.loads(systemd) + for file_name in data.keys(): + file_name += ".service" + full_dir_path = os.path.expanduser(sysconf['path']) + file_path = os.path.join(full_dir_path, file_name) + if os.path.exists(file_path): + os.unlink(file_path) + return + except Exception as e: + module.log( + "PODMAN-CONTAINER-DEBUG: Error deleting systemd: %s" % e) + return + + +def lower_keys(x): + if isinstance(x, list): + return [lower_keys(v) for v in x] + elif isinstance(x, dict): + return dict((k.lower(), lower_keys(v)) for k, v in x.items()) + else: + return x + + +def remove_file_or_dir(path): + if os.path.isfile(path): + os.unlink(path) + elif os.path.isdir(path): + shutil.rmtree(path) + else: + raise ValueError("file %s is not a file or dir." % path) + + +# Generated from https://github.com/containers/podman/blob/main/pkg/signal/signal_linux.go +# and https://github.com/containers/podman/blob/main/pkg/signal/signal_linux_mipsx.go +_signal_map = { + "ABRT": 6, + "ALRM": 14, + "BUS": 7, + "CHLD": 17, + "CLD": 17, + "CONT": 18, + "EMT": 7, + "FPE": 8, + "HUP": 1, + "ILL": 4, + "INT": 2, + "IO": 29, + "IOT": 6, + "KILL": 9, + "PIPE": 13, + "POLL": 29, + "PROF": 27, + "PWR": 30, + "QUIT": 3, + "RTMAX": 64, + "RTMIN": 34, + "SEGV": 11, + "STKFLT": 16, + "STOP": 19, + "SYS": 31, + "TERM": 15, + "TRAP": 5, + "TSTP": 20, + "TTIN": 21, + "TTOU": 22, + "URG": 23, + "USR1": 10, + "USR2": 12, + "VTALRM": 26, + "WINCH": 28, + "XCPU": 24, + "XFSZ": 25 +} + +for i in range(1, _signal_map['RTMAX'] - _signal_map['RTMIN'] + 1): + _signal_map['RTMIN+{0}'.format(i)] = _signal_map['RTMIN'] + i + _signal_map['RTMAX-{0}'.format(i)] = _signal_map['RTMAX'] - i + + +def normalize_signal(signal_name_or_number): + signal_name_or_number = str(signal_name_or_number) + if signal_name_or_number.isdigit(): + return signal_name_or_number + else: + signal_name = signal_name_or_number.upper() + if signal_name.startswith('SIG'): + signal_name = signal_name[3:] + if signal_name not in _signal_map: + raise RuntimeError("Unknown signal '{0}'".format(signal_name_or_number)) + return str(_signal_map[signal_name]) diff --git a/ansible_collections/containers/podman/plugins/module_utils/podman/podman_container_lib.py b/ansible_collections/containers/podman/plugins/module_utils/podman/podman_container_lib.py new file mode 100644 index 000000000..1ba28f4c8 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/module_utils/podman/podman_container_lib.py @@ -0,0 +1,1696 @@ +from __future__ import (absolute_import, division, print_function) +import json # noqa: F402 +import os # noqa: F402 +import shlex # noqa: F402 + +from ansible.module_utils._text import to_bytes, to_native # noqa: F402 +from ansible_collections.containers.podman.plugins.module_utils.podman.common import LooseVersion +from ansible_collections.containers.podman.plugins.module_utils.podman.common import lower_keys +from ansible_collections.containers.podman.plugins.module_utils.podman.common import generate_systemd +from ansible_collections.containers.podman.plugins.module_utils.podman.common import delete_systemd +from ansible_collections.containers.podman.plugins.module_utils.podman.common import normalize_signal + +__metaclass__ = type + +ARGUMENTS_SPEC_CONTAINER = dict( + name=dict(required=True, type='str'), + executable=dict(default='podman', type='str'), + state=dict(type='str', default='started', choices=[ + 'absent', 'present', 'stopped', 'started', 'created']), + image=dict(type='str'), + annotation=dict(type='dict'), + authfile=dict(type='path'), + blkio_weight=dict(type='int'), + blkio_weight_device=dict(type='dict'), + cap_add=dict(type='list', elements='str', aliases=['capabilities']), + cap_drop=dict(type='list', elements='str'), + cgroup_parent=dict(type='path'), + cgroupns=dict(type='str'), + cgroups=dict(type='str'), + cidfile=dict(type='path'), + cmd_args=dict(type='list', elements='str'), + conmon_pidfile=dict(type='path'), + command=dict(type='raw'), + cpu_period=dict(type='int'), + cpu_rt_period=dict(type='int'), + cpu_rt_runtime=dict(type='int'), + cpu_shares=dict(type='int'), + cpus=dict(type='str'), + cpuset_cpus=dict(type='str'), + cpuset_mems=dict(type='str'), + detach=dict(type='bool', default=True), + debug=dict(type='bool', default=False), + detach_keys=dict(type='str', no_log=False), + device=dict(type='list', elements='str'), + device_read_bps=dict(type='list', elements='str'), + device_read_iops=dict(type='list', elements='str'), + device_write_bps=dict(type='list', elements='str'), + device_write_iops=dict(type='list', elements='str'), + dns=dict(type='list', elements='str', aliases=['dns_servers']), + dns_option=dict(type='str', aliases=['dns_opts']), + dns_search=dict(type='str', aliases=['dns_search_domains']), + entrypoint=dict(type='str'), + env=dict(type='dict'), + env_file=dict(type='path'), + env_host=dict(type='bool'), + etc_hosts=dict(type='dict', aliases=['add_hosts']), + expose=dict(type='list', elements='str', aliases=[ + 'exposed', 'exposed_ports']), + force_restart=dict(type='bool', default=False, + aliases=['restart']), + generate_systemd=dict(type='dict', default={}), + gidmap=dict(type='list', elements='str'), + group_add=dict(type='list', elements='str', aliases=['groups']), + healthcheck=dict(type='str'), + healthcheck_interval=dict(type='str'), + healthcheck_retries=dict(type='int'), + healthcheck_start_period=dict(type='str'), + healthcheck_timeout=dict(type='str'), + hooks_dir=dict(type='list', elements='str'), + hostname=dict(type='str'), + http_proxy=dict(type='bool'), + image_volume=dict(type='str', choices=['bind', 'tmpfs', 'ignore']), + image_strict=dict(type='bool', default=False), + init=dict(type='bool'), + init_path=dict(type='str'), + interactive=dict(type='bool'), + ip=dict(type='str'), + ipc=dict(type='str', aliases=['ipc_mode']), + kernel_memory=dict(type='str'), + label=dict(type='dict', aliases=['labels']), + label_file=dict(type='str'), + log_driver=dict(type='str', choices=[ + 'k8s-file', 'journald', 'json-file']), + log_level=dict( + type='str', + choices=["debug", "info", "warn", "error", "fatal", "panic"]), + log_opt=dict(type='dict', aliases=['log_options'], + options=dict( + max_size=dict(type='str'), + path=dict(type='str'), + tag=dict(type='str'))), + mac_address=dict(type='str'), + memory=dict(type='str'), + memory_reservation=dict(type='str'), + memory_swap=dict(type='str'), + memory_swappiness=dict(type='int'), + mount=dict(type='list', elements='str', aliases=['mounts']), + network=dict(type='list', elements='str', aliases=['net', 'network_mode']), + network_aliases=dict(type='list', elements='str'), + no_hosts=dict(type='bool'), + oom_kill_disable=dict(type='bool'), + oom_score_adj=dict(type='int'), + pid=dict(type='str', aliases=['pid_mode']), + pids_limit=dict(type='str'), + pod=dict(type='str'), + privileged=dict(type='bool'), + publish=dict(type='list', elements='str', aliases=[ + 'ports', 'published', 'published_ports']), + publish_all=dict(type='bool'), + read_only=dict(type='bool'), + read_only_tmpfs=dict(type='bool'), + recreate=dict(type='bool', default=False), + requires=dict(type='list', elements='str'), + restart_policy=dict(type='str'), + rm=dict(type='bool', aliases=['remove', 'auto_remove']), + rootfs=dict(type='bool'), + secrets=dict(type='list', elements='str', no_log=True), + sdnotify=dict(type='str'), + security_opt=dict(type='list', elements='str'), + shm_size=dict(type='str'), + sig_proxy=dict(type='bool'), + stop_signal=dict(type='int'), + stop_timeout=dict(type='int'), + subgidname=dict(type='str'), + subuidname=dict(type='str'), + sysctl=dict(type='dict'), + systemd=dict(type='str'), + timezone=dict(type='str'), + tmpfs=dict(type='dict'), + tty=dict(type='bool'), + uidmap=dict(type='list', elements='str'), + ulimit=dict(type='list', elements='str', aliases=['ulimits']), + user=dict(type='str'), + userns=dict(type='str', aliases=['userns_mode']), + uts=dict(type='str'), + volume=dict(type='list', elements='str', aliases=['volumes']), + volumes_from=dict(type='list', elements='str'), + workdir=dict(type='str', aliases=['working_dir']) +) + + +def init_options(): + default = {} + opts = ARGUMENTS_SPEC_CONTAINER + for k, v in opts.items(): + if 'default' in v: + default[k] = v['default'] + else: + default[k] = None + return default + + +def update_options(opts_dict, container): + def to_bool(x): + return str(x).lower() not in ['no', 'false'] + + aliases = {} + for k, v in ARGUMENTS_SPEC_CONTAINER.items(): + if 'aliases' in v: + for alias in v['aliases']: + aliases[alias] = k + for k in list(container): + if k in aliases: + key = aliases[k] + container[key] = container.pop(k) + else: + key = k + if ARGUMENTS_SPEC_CONTAINER[key]['type'] == 'list' and not isinstance(container[key], list): + opts_dict[key] = [container[key]] + elif ARGUMENTS_SPEC_CONTAINER[key]['type'] == 'bool' and not isinstance(container[key], bool): + opts_dict[key] = to_bool(container[key]) + elif ARGUMENTS_SPEC_CONTAINER[key]['type'] == 'int' and not isinstance(container[key], int): + opts_dict[key] = int(container[key]) + else: + opts_dict[key] = container[key] + + return opts_dict + + +def set_container_opts(input_vars): + default_options_templ = init_options() + options_dict = update_options(default_options_templ, input_vars) + return options_dict + + +class PodmanModuleParams: + """Creates list of arguments for podman CLI command. + + Arguments: + action {str} -- action type from 'run', 'stop', 'create', 'delete', + 'start', 'restart' + params {dict} -- dictionary of module parameters + + """ + + def __init__(self, action, params, podman_version, module): + self.params = params + self.action = action + self.podman_version = podman_version + self.module = module + + def construct_command_from_params(self): + """Create a podman command from given module parameters. + + Returns: + list -- list of byte strings for Popen command + """ + if self.action in ['start', 'stop', 'delete', 'restart']: + return self.start_stop_delete() + if self.action in ['create', 'run']: + cmd = [self.action, '--name', self.params['name']] + all_param_methods = [func for func in dir(self) + if callable(getattr(self, func)) + and func.startswith("addparam")] + params_set = (i for i in self.params if self.params[i] is not None) + for param in params_set: + func_name = "_".join(["addparam", param]) + if func_name in all_param_methods: + cmd = getattr(self, func_name)(cmd) + cmd.append(self.params['image']) + if self.params['command']: + if isinstance(self.params['command'], list): + cmd += self.params['command'] + else: + cmd += self.params['command'].split() + return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] + + def start_stop_delete(self): + + if self.action in ['stop', 'start', 'restart']: + cmd = [self.action, self.params['name']] + return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] + + if self.action == 'delete': + cmd = ['rm', '-f', self.params['name']] + return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] + + def check_version(self, param, minv=None, maxv=None): + if minv and LooseVersion(minv) > LooseVersion( + self.podman_version): + self.module.fail_json(msg="Parameter %s is supported from podman " + "version %s only! Current version is %s" % ( + param, minv, self.podman_version)) + if maxv and LooseVersion(maxv) < LooseVersion( + self.podman_version): + self.module.fail_json(msg="Parameter %s is supported till podman " + "version %s only! Current version is %s" % ( + param, minv, self.podman_version)) + + def addparam_annotation(self, c): + for annotate in self.params['annotation'].items(): + c += ['--annotation', '='.join(annotate)] + return c + + def addparam_authfile(self, c): + return c + ['--authfile', self.params['authfile']] + + def addparam_blkio_weight(self, c): + return c + ['--blkio-weight', self.params['blkio_weight']] + + def addparam_blkio_weight_device(self, c): + for blkio in self.params['blkio_weight_device'].items(): + c += ['--blkio-weight-device', ':'.join(blkio)] + return c + + def addparam_cap_add(self, c): + for cap_add in self.params['cap_add']: + c += ['--cap-add', cap_add] + return c + + def addparam_cap_drop(self, c): + for cap_drop in self.params['cap_drop']: + c += ['--cap-drop', cap_drop] + return c + + def addparam_cgroups(self, c): + self.check_version('--cgroups', minv='1.6.0') + return c + ['--cgroups=%s' % self.params['cgroups']] + + def addparam_cgroupns(self, c): + self.check_version('--cgroupns', minv='1.6.2') + return c + ['--cgroupns=%s' % self.params['cgroupns']] + + def addparam_cgroup_parent(self, c): + return c + ['--cgroup-parent', self.params['cgroup_parent']] + + def addparam_cidfile(self, c): + return c + ['--cidfile', self.params['cidfile']] + + def addparam_conmon_pidfile(self, c): + return c + ['--conmon-pidfile', self.params['conmon_pidfile']] + + def addparam_cpu_period(self, c): + return c + ['--cpu-period', self.params['cpu_period']] + + def addparam_cpu_rt_period(self, c): + return c + ['--cpu-rt-period', self.params['cpu_rt_period']] + + def addparam_cpu_rt_runtime(self, c): + return c + ['--cpu-rt-runtime', self.params['cpu_rt_runtime']] + + def addparam_cpu_shares(self, c): + return c + ['--cpu-shares', self.params['cpu_shares']] + + def addparam_cpus(self, c): + return c + ['--cpus', self.params['cpus']] + + def addparam_cpuset_cpus(self, c): + return c + ['--cpuset-cpus', self.params['cpuset_cpus']] + + def addparam_cpuset_mems(self, c): + return c + ['--cpuset-mems', self.params['cpuset_mems']] + + def addparam_detach(self, c): + return c + ['--detach=%s' % self.params['detach']] + + def addparam_detach_keys(self, c): + return c + ['--detach-keys', self.params['detach_keys']] + + def addparam_device(self, c): + for dev in self.params['device']: + c += ['--device', dev] + return c + + def addparam_device_read_bps(self, c): + for dev in self.params['device_read_bps']: + c += ['--device-read-bps', dev] + return c + + def addparam_device_read_iops(self, c): + for dev in self.params['device_read_iops']: + c += ['--device-read-iops', dev] + return c + + def addparam_device_write_bps(self, c): + for dev in self.params['device_write_bps']: + c += ['--device-write-bps', dev] + return c + + def addparam_device_write_iops(self, c): + for dev in self.params['device_write_iops']: + c += ['--device-write-iops', dev] + return c + + def addparam_dns(self, c): + return c + ['--dns', ','.join(self.params['dns'])] + + def addparam_dns_option(self, c): + return c + ['--dns-option', self.params['dns_option']] + + def addparam_dns_search(self, c): + return c + ['--dns-search', self.params['dns_search']] + + def addparam_entrypoint(self, c): + return c + ['--entrypoint', self.params['entrypoint']] + + def addparam_env(self, c): + for env_value in self.params['env'].items(): + c += ['--env', + b"=".join([to_bytes(k, errors='surrogate_or_strict') + for k in env_value])] + return c + + def addparam_env_file(self, c): + return c + ['--env-file', self.params['env_file']] + + def addparam_env_host(self, c): + self.check_version('--env-host', minv='1.5.0') + return c + ['--env-host=%s' % self.params['env_host']] + + def addparam_etc_hosts(self, c): + for host_ip in self.params['etc_hosts'].items(): + c += ['--add-host', ':'.join(host_ip)] + return c + + def addparam_expose(self, c): + for exp in self.params['expose']: + c += ['--expose', exp] + return c + + def addparam_gidmap(self, c): + for gidmap in self.params['gidmap']: + c += ['--gidmap', gidmap] + return c + + def addparam_group_add(self, c): + for g in self.params['group_add']: + c += ['--group-add', g] + return c + + def addparam_healthcheck(self, c): + return c + ['--healthcheck-command', self.params['healthcheck']] + + def addparam_healthcheck_interval(self, c): + return c + ['--healthcheck-interval', + self.params['healthcheck_interval']] + + def addparam_healthcheck_retries(self, c): + return c + ['--healthcheck-retries', + self.params['healthcheck_retries']] + + def addparam_healthcheck_start_period(self, c): + return c + ['--healthcheck-start-period', + self.params['healthcheck_start_period']] + + def addparam_healthcheck_timeout(self, c): + return c + ['--healthcheck-timeout', + self.params['healthcheck_timeout']] + + def addparam_hooks_dir(self, c): + for hook_dir in self.params['hooks_dir']: + c += ['--hooks-dir=%s' % hook_dir] + return c + + def addparam_hostname(self, c): + return c + ['--hostname', self.params['hostname']] + + def addparam_http_proxy(self, c): + return c + ['--http-proxy=%s' % self.params['http_proxy']] + + def addparam_image_volume(self, c): + return c + ['--image-volume', self.params['image_volume']] + + def addparam_init(self, c): + if self.params['init']: + c += ['--init'] + return c + + def addparam_init_path(self, c): + return c + ['--init-path', self.params['init_path']] + + def addparam_interactive(self, c): + return c + ['--interactive=%s' % self.params['interactive']] + + def addparam_ip(self, c): + return c + ['--ip', self.params['ip']] + + def addparam_ipc(self, c): + return c + ['--ipc', self.params['ipc']] + + def addparam_kernel_memory(self, c): + return c + ['--kernel-memory', self.params['kernel_memory']] + + def addparam_label(self, c): + for label in self.params['label'].items(): + c += ['--label', b'='.join([to_bytes(la, errors='surrogate_or_strict') + for la in label])] + return c + + def addparam_label_file(self, c): + return c + ['--label-file', self.params['label_file']] + + def addparam_log_driver(self, c): + return c + ['--log-driver', self.params['log_driver']] + + def addparam_log_opt(self, c): + for k, v in self.params['log_opt'].items(): + if v is not None: + c += ['--log-opt', + b"=".join([to_bytes(k.replace('max_size', 'max-size'), + errors='surrogate_or_strict'), + to_bytes(v, + errors='surrogate_or_strict')])] + return c + + def addparam_log_level(self, c): + return c + ['--log-level', self.params['log_level']] + + def addparam_mac_address(self, c): + return c + ['--mac-address', self.params['mac_address']] + + def addparam_memory(self, c): + return c + ['--memory', self.params['memory']] + + def addparam_memory_reservation(self, c): + return c + ['--memory-reservation', self.params['memory_reservation']] + + def addparam_memory_swap(self, c): + return c + ['--memory-swap', self.params['memory_swap']] + + def addparam_memory_swappiness(self, c): + return c + ['--memory-swappiness', self.params['memory_swappiness']] + + def addparam_mount(self, c): + for mnt in self.params['mount']: + if mnt: + c += ['--mount', mnt] + return c + + def addparam_network(self, c): + if LooseVersion(self.podman_version) >= LooseVersion('4.0.0'): + for net in self.params['network']: + c += ['--network', net] + return c + return c + ['--network', ",".join(self.params['network'])] + + def addparam_network_aliases(self, c): + for alias in self.params['network_aliases']: + c += ['--network-alias', alias] + return c + + def addparam_no_hosts(self, c): + return c + ['--no-hosts=%s' % self.params['no_hosts']] + + def addparam_oom_kill_disable(self, c): + return c + ['--oom-kill-disable=%s' % self.params['oom_kill_disable']] + + def addparam_oom_score_adj(self, c): + return c + ['--oom-score-adj', self.params['oom_score_adj']] + + def addparam_pid(self, c): + return c + ['--pid', self.params['pid']] + + def addparam_pids_limit(self, c): + return c + ['--pids-limit', self.params['pids_limit']] + + def addparam_pod(self, c): + return c + ['--pod', self.params['pod']] + + def addparam_privileged(self, c): + return c + ['--privileged=%s' % self.params['privileged']] + + def addparam_publish(self, c): + for pub in self.params['publish']: + c += ['--publish', pub] + return c + + def addparam_publish_all(self, c): + return c + ['--publish-all=%s' % self.params['publish_all']] + + def addparam_read_only(self, c): + return c + ['--read-only=%s' % self.params['read_only']] + + def addparam_read_only_tmpfs(self, c): + return c + ['--read-only-tmpfs=%s' % self.params['read_only_tmpfs']] + + def addparam_requires(self, c): + return c + ['--requires', ",".join(self.params['requires'])] + + def addparam_restart_policy(self, c): + return c + ['--restart=%s' % self.params['restart_policy']] + + def addparam_rm(self, c): + if self.params['rm']: + c += ['--rm'] + return c + + def addparam_rootfs(self, c): + return c + ['--rootfs=%s' % self.params['rootfs']] + + def addparam_sdnotify(self, c): + return c + ['--sdnotify=%s' % self.params['sdnotify']] + + def addparam_secrets(self, c): + for secret in self.params['secrets']: + c += ['--secret', secret] + return c + + def addparam_security_opt(self, c): + for secopt in self.params['security_opt']: + c += ['--security-opt', secopt] + return c + + def addparam_shm_size(self, c): + return c + ['--shm-size', self.params['shm_size']] + + def addparam_sig_proxy(self, c): + return c + ['--sig-proxy=%s' % self.params['sig_proxy']] + + def addparam_stop_signal(self, c): + return c + ['--stop-signal', self.params['stop_signal']] + + def addparam_stop_timeout(self, c): + return c + ['--stop-timeout', self.params['stop_timeout']] + + def addparam_subgidname(self, c): + return c + ['--subgidname', self.params['subgidname']] + + def addparam_subuidname(self, c): + return c + ['--subuidname', self.params['subuidname']] + + def addparam_sysctl(self, c): + for sysctl in self.params['sysctl'].items(): + c += ['--sysctl', + b"=".join([to_bytes(k, errors='surrogate_or_strict') + for k in sysctl])] + return c + + def addparam_systemd(self, c): + return c + ['--systemd=%s' % str(self.params['systemd']).lower()] + + def addparam_tmpfs(self, c): + for tmpfs in self.params['tmpfs'].items(): + c += ['--tmpfs', ':'.join(tmpfs)] + return c + + def addparam_timezone(self, c): + return c + ['--tz=%s' % self.params['timezone']] + + def addparam_tty(self, c): + return c + ['--tty=%s' % self.params['tty']] + + def addparam_uidmap(self, c): + for uidmap in self.params['uidmap']: + c += ['--uidmap', uidmap] + return c + + def addparam_ulimit(self, c): + for u in self.params['ulimit']: + c += ['--ulimit', u] + return c + + def addparam_user(self, c): + return c + ['--user', self.params['user']] + + def addparam_userns(self, c): + return c + ['--userns', self.params['userns']] + + def addparam_uts(self, c): + return c + ['--uts', self.params['uts']] + + def addparam_volume(self, c): + for vol in self.params['volume']: + if vol: + c += ['--volume', vol] + return c + + def addparam_volumes_from(self, c): + for vol in self.params['volumes_from']: + c += ['--volumes-from', vol] + return c + + def addparam_workdir(self, c): + return c + ['--workdir', self.params['workdir']] + + # Add your own args for podman command + def addparam_cmd_args(self, c): + return c + self.params['cmd_args'] + + +class PodmanDefaults: + def __init__(self, image_info, podman_version): + self.version = podman_version + self.image_info = image_info + self.defaults = { + "blkio_weight": 0, + "cgroups": "default", + "cidfile": "", + "cpus": 0.0, + "cpu_shares": 0, + "cpu_quota": 0, + "cpu_period": 0, + "cpu_rt_runtime": 0, + "cpu_rt_period": 0, + "cpuset_cpus": "", + "cpuset_mems": "", + "detach": True, + "device": [], + "env_host": False, + "etc_hosts": {}, + "group_add": [], + "ipc": "", + "kernelmemory": "0", + "log_level": "error", + "memory": "0", + "memory_swap": "0", + "memory_reservation": "0", + # "memory_swappiness": -1, + "no_hosts": False, + # libpod issue with networks in inspection + "oom_score_adj": 0, + "pid": "", + "privileged": False, + "read_only": False, + "rm": False, + "security_opt": [], + "stop_signal": self.image_info.get('config', {}).get('stopsignal', "15"), + "tty": False, + "user": self.image_info.get('user', ''), + "workdir": self.image_info.get('config', {}).get('workingdir', '/'), + "uts": "", + } + + def default_dict(self): + # make here any changes to self.defaults related to podman version + # https://github.com/containers/libpod/pull/5669 + if (LooseVersion(self.version) >= LooseVersion('1.8.0') + and LooseVersion(self.version) < LooseVersion('1.9.0')): + self.defaults['cpu_shares'] = 1024 + if (LooseVersion(self.version) >= LooseVersion('2.0.0')): + self.defaults['network'] = ["slirp4netns"] + self.defaults['ipc'] = "private" + self.defaults['uts'] = "private" + self.defaults['pid'] = "private" + if (LooseVersion(self.version) >= LooseVersion('3.0.0')): + self.defaults['log_level'] = "warning" + if (LooseVersion(self.version) >= LooseVersion('4.1.0')): + self.defaults['ipc'] = "shareable" + return self.defaults + + +class PodmanContainerDiff: + def __init__(self, module, module_params, info, image_info, podman_version): + self.module = module + self.module_params = module_params + self.version = podman_version + self.default_dict = None + self.info = lower_keys(info) + self.image_info = lower_keys(image_info) + self.params = self.defaultize() + self.diff = {'before': {}, 'after': {}} + self.non_idempotent = {} + + def defaultize(self): + params_with_defaults = {} + self.default_dict = PodmanDefaults( + self.image_info, self.version).default_dict() + for p in self.module_params: + if self.module_params[p] is None and p in self.default_dict: + params_with_defaults[p] = self.default_dict[p] + else: + params_with_defaults[p] = self.module_params[p] + return params_with_defaults + + def _diff_update_and_compare(self, param_name, before, after): + if before != after: + self.diff['before'].update({param_name: before}) + self.diff['after'].update({param_name: after}) + return True + return False + + def diffparam_annotation(self): + before = self.info['config']['annotations'] or {} + after = before.copy() + if self.module_params['annotation'] is not None: + after.update(self.params['annotation']) + return self._diff_update_and_compare('annotation', before, after) + + def diffparam_env_host(self): + # It's impossible to get from inspest, recreate it if not default + before = False + after = self.params['env_host'] + return self._diff_update_and_compare('env_host', before, after) + + def diffparam_blkio_weight(self): + before = self.info['hostconfig']['blkioweight'] + after = self.params['blkio_weight'] + return self._diff_update_and_compare('blkio_weight', before, after) + + def diffparam_blkio_weight_device(self): + before = self.info['hostconfig']['blkioweightdevice'] + if before == [] and self.module_params['blkio_weight_device'] is None: + after = [] + else: + after = self.params['blkio_weight_device'] + return self._diff_update_and_compare('blkio_weight_device', before, after) + + def diffparam_cap_add(self): + before = self.info['effectivecaps'] or [] + before = [i.lower() for i in before] + after = [] + if self.module_params['cap_add'] is not None: + for cap in self.module_params['cap_add']: + cap = cap.lower() + cap = cap if cap.startswith('cap_') else 'cap_' + cap + after.append(cap) + after += before + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('cap_add', before, after) + + def diffparam_cap_drop(self): + before = self.info['effectivecaps'] or [] + before = [i.lower() for i in before] + after = before[:] + if self.module_params['cap_drop'] is not None: + for cap in self.module_params['cap_drop']: + cap = cap.lower() + cap = cap if cap.startswith('cap_') else 'cap_' + cap + if cap in after: + after.remove(cap) + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('cap_drop', before, after) + + def diffparam_cgroup_parent(self): + before = self.info['hostconfig']['cgroupparent'] + after = self.params['cgroup_parent'] + if after is None: + after = before + return self._diff_update_and_compare('cgroup_parent', before, after) + + def diffparam_cgroups(self): + # Cgroups output is not supported in all versions + if 'cgroups' in self.info['hostconfig']: + before = self.info['hostconfig']['cgroups'] + after = self.params['cgroups'] + return self._diff_update_and_compare('cgroups', before, after) + return False + + def diffparam_cidfile(self): + before = self.info['hostconfig']['containeridfile'] + after = self.params['cidfile'] + labels = self.info['config']['labels'] or {} + # Ignore cidfile that is coming from systemd files + # https://github.com/containers/ansible-podman-collections/issues/276 + if 'podman_systemd_unit' in labels: + after = before + return self._diff_update_and_compare('cidfile', before, after) + + def diffparam_command(self): + # TODO(sshnaidm): to inspect image to get the default command + if self.module_params['command'] is not None: + before = self.info['config']['cmd'] + after = self.params['command'] + if isinstance(after, str): + after = shlex.split(after) + return self._diff_update_and_compare('command', before, after) + return False + + def diffparam_conmon_pidfile(self): + before = self.info['conmonpidfile'] + if self.module_params['conmon_pidfile'] is None: + after = before + else: + after = self.params['conmon_pidfile'] + return self._diff_update_and_compare('conmon_pidfile', before, after) + + def diffparam_cpu_period(self): + before = self.info['hostconfig']['cpuperiod'] + after = self.params['cpu_period'] + return self._diff_update_and_compare('cpu_period', before, after) + + def diffparam_cpu_rt_period(self): + before = self.info['hostconfig']['cpurealtimeperiod'] + after = self.params['cpu_rt_period'] + return self._diff_update_and_compare('cpu_rt_period', before, after) + + def diffparam_cpu_rt_runtime(self): + before = self.info['hostconfig']['cpurealtimeruntime'] + after = self.params['cpu_rt_runtime'] + return self._diff_update_and_compare('cpu_rt_runtime', before, after) + + def diffparam_cpu_shares(self): + before = self.info['hostconfig']['cpushares'] + after = self.params['cpu_shares'] + return self._diff_update_and_compare('cpu_shares', before, after) + + def diffparam_cpus(self): + before = int(self.info['hostconfig']['nanocpus']) / 1000000000 + after = self.params['cpus'] + return self._diff_update_and_compare('cpus', before, after) + + def diffparam_cpuset_cpus(self): + before = self.info['hostconfig']['cpusetcpus'] + after = self.params['cpuset_cpus'] + return self._diff_update_and_compare('cpuset_cpus', before, after) + + def diffparam_cpuset_mems(self): + before = self.info['hostconfig']['cpusetmems'] + after = self.params['cpuset_mems'] + return self._diff_update_and_compare('cpuset_mems', before, after) + + def diffparam_device(self): + before = [":".join([i['pathonhost'], i['pathincontainer']]) + for i in self.info['hostconfig']['devices']] + if not before and 'createcommand' in self.info['config']: + cr_com = self.info['config']['createcommand'] + if '--device' in cr_com: + before = [cr_com[k + 1].lower() + for k, i in enumerate(cr_com) if i == '--device'] + before = [":".join((i, i)) + if len(i.split(":")) == 1 else i for i in before] + after = [":".join(i.split(":")[:2]) for i in self.params['device']] + after = [":".join((i, i)) + if len(i.split(":")) == 1 else i for i in after] + after = [i.lower() for i in after] + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('devices', before, after) + + def diffparam_device_read_bps(self): + before = self.info['hostconfig']['blkiodevicereadbps'] or [] + before = ["%s:%s" % (i['path'], i['rate']) for i in before] + after = self.params['device_read_bps'] or [] + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('device_read_bps', before, after) + + def diffparam_device_read_iops(self): + before = self.info['hostconfig']['blkiodevicereadiops'] or [] + before = ["%s:%s" % (i['path'], i['rate']) for i in before] + after = self.params['device_read_iops'] or [] + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('device_read_iops', before, after) + + def diffparam_device_write_bps(self): + before = self.info['hostconfig']['blkiodevicewritebps'] or [] + before = ["%s:%s" % (i['path'], i['rate']) for i in before] + after = self.params['device_write_bps'] or [] + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('device_write_bps', before, after) + + def diffparam_device_write_iops(self): + before = self.info['hostconfig']['blkiodevicewriteiops'] or [] + before = ["%s:%s" % (i['path'], i['rate']) for i in before] + after = self.params['device_write_iops'] or [] + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('device_write_iops', before, after) + + # Limited idempotency, it can't guess default values + def diffparam_env(self): + env_before = self.info['config']['env'] or {} + before = {i.split("=")[0]: "=".join(i.split("=")[1:]) + for i in env_before} + after = before.copy() + if self.params['env']: + after.update({k: str(v) for k, v in self.params['env'].items()}) + return self._diff_update_and_compare('env', before, after) + + def diffparam_etc_hosts(self): + if self.info['hostconfig']['extrahosts']: + before = dict([i.split(":", 1) + for i in self.info['hostconfig']['extrahosts']]) + else: + before = {} + after = self.params['etc_hosts'] + return self._diff_update_and_compare('etc_hosts', before, after) + + def diffparam_group_add(self): + before = self.info['hostconfig']['groupadd'] + after = self.params['group_add'] + return self._diff_update_and_compare('group_add', before, after) + + # Healthcheck is only defined in container config if a healthcheck + # was configured; otherwise the config key isn't part of the config. + def diffparam_healthcheck(self): + if 'healthcheck' in self.info['config']: + # the "test" key is a list of 2 items where the first one is + # "CMD-SHELL" and the second one is the actual healthcheck command. + before = self.info['config']['healthcheck']['test'][1] + else: + before = '' + after = self.params['healthcheck'] or before + return self._diff_update_and_compare('healthcheck', before, after) + + # Because of hostname is random generated, this parameter has partial idempotency only. + def diffparam_hostname(self): + before = self.info['config']['hostname'] + after = self.params['hostname'] or before + return self._diff_update_and_compare('hostname', before, after) + + def diffparam_image(self): + before_id = self.info['image'] or self.info['rootfs'] + after_id = self.image_info['id'] + if before_id == after_id: + return self._diff_update_and_compare('image', before_id, after_id) + is_rootfs = self.info['rootfs'] != '' or self.params['rootfs'] + before = self.info['config']['image'] or before_id + after = self.params['image'] + mode = self.params['image_strict'] or is_rootfs + if mode is None or not mode: + # In a idempotency 'lite mode' assume all images from different registries are the same + before = before.replace(":latest", "") + after = after.replace(":latest", "") + before = before.split("/")[-1] + after = after.split("/")[-1] + else: + return self._diff_update_and_compare('image', before_id, after_id) + return self._diff_update_and_compare('image', before, after) + + def diffparam_ipc(self): + before = self.info['hostconfig']['ipcmode'] + after = self.params['ipc'] + if self.params['pod'] and not self.module_params['ipc']: + after = before + return self._diff_update_and_compare('ipc', before, after) + + def diffparam_label(self): + before = self.info['config']['labels'] or {} + after = self.image_info.get('labels') or {} + if self.params['label']: + after.update({ + str(k).lower(): str(v) + for k, v in self.params['label'].items() + }) + # Strip out labels that are coming from systemd files + # https://github.com/containers/ansible-podman-collections/issues/276 + if 'podman_systemd_unit' in before: + after.pop('podman_systemd_unit', None) + before.pop('podman_systemd_unit', None) + return self._diff_update_and_compare('label', before, after) + + def diffparam_log_driver(self): + before = self.info['hostconfig']['logconfig']['type'] + if self.module_params['log_driver'] is not None: + after = self.params['log_driver'] + else: + after = before + return self._diff_update_and_compare('log_driver', before, after) + + # Parameter has limited idempotency, unable to guess the default log_path + def diffparam_log_opt(self): + before, after = {}, {} + + # Log path + path_before = None + if 'logpath' in self.info: + path_before = self.info['logpath'] + # For Podman v3 + if ('logconfig' in self.info['hostconfig'] and + 'path' in self.info['hostconfig']['logconfig']): + path_before = self.info['hostconfig']['logconfig']['path'] + if path_before is not None: + if (self.module_params['log_opt'] and + 'path' in self.module_params['log_opt'] and + self.module_params['log_opt']['path'] is not None): + path_after = self.params['log_opt']['path'] + else: + path_after = path_before + if path_before != path_after: + before.update({'log-path': path_before}) + after.update({'log-path': path_after}) + + # Log tag + tag_before = None + if 'logtag' in self.info: + tag_before = self.info['logtag'] + # For Podman v3 + if ('logconfig' in self.info['hostconfig'] and + 'tag' in self.info['hostconfig']['logconfig']): + tag_before = self.info['hostconfig']['logconfig']['tag'] + if tag_before is not None: + if (self.module_params['log_opt'] and + 'tag' in self.module_params['log_opt'] and + self.module_params['log_opt']['tag'] is not None): + tag_after = self.params['log_opt']['tag'] + else: + tag_after = '' + if tag_before != tag_after: + before.update({'log-tag': tag_before}) + after.update({'log-tag': tag_after}) + + # Log size + # For Podman v3 + # size_before = '0B' + # TODO(sshnaidm): integrate B/KB/MB/GB calculation for sizes + # if ('logconfig' in self.info['hostconfig'] and + # 'size' in self.info['hostconfig']['logconfig']): + # size_before = self.info['hostconfig']['logconfig']['size'] + # if size_before != '0B': + # if (self.module_params['log_opt'] and + # 'max_size' in self.module_params['log_opt'] and + # self.module_params['log_opt']['max_size'] is not None): + # size_after = self.params['log_opt']['max_size'] + # else: + # size_after = '' + # if size_before != size_after: + # before.update({'log-size': size_before}) + # after.update({'log-size': size_after}) + + return self._diff_update_and_compare('log_opt', before, after) + + def diffparam_mac_address(self): + before = str(self.info['networksettings']['macaddress']) + if not before and self.info['networksettings'].get('networks'): + nets = self.info['networksettings']['networks'] + macs = [ + nets[i]["macaddress"] for i in nets if nets[i]["macaddress"]] + if macs: + before = macs[0] + if not before and 'createcommand' in self.info['config']: + cr_com = self.info['config']['createcommand'] + if '--mac-address' in cr_com: + before = cr_com[cr_com.index('--mac-address') + 1].lower() + if self.module_params['mac_address'] is not None: + after = self.params['mac_address'] + else: + after = before + return self._diff_update_and_compare('mac_address', before, after) + + def diffparam_network(self): + net_mode_before = self.info['hostconfig']['networkmode'] + net_mode_after = '' + before = list(self.info['networksettings'].get('networks', {})) + # Remove default 'podman' network in v3 for comparison + if before == ['podman']: + before = [] + # Special case for options for slirp4netns rootless networking from v2 + if net_mode_before == 'slirp4netns' and 'createcommand' in self.info['config']: + cr_com = self.info['config']['createcommand'] + if '--network' in cr_com: + cr_net = cr_com[cr_com.index('--network') + 1].lower() + if 'slirp4netns:' in cr_net: + before = [cr_net] + after = self.params['network'] or [] + # If container is in pod and no networks are provided + if not self.module_params['network'] and self.params['pod']: + after = before + return self._diff_update_and_compare('network', before, after) + # Check special network modes + if after in [['bridge'], ['host'], ['slirp4netns'], ['none']]: + net_mode_after = after[0] + # If changes are only for network mode and container has no networks + if net_mode_after and not before: + # Remove differences between v1 and v2 + net_mode_after = net_mode_after.replace('bridge', 'default') + net_mode_after = net_mode_after.replace('slirp4netns', 'default') + net_mode_before = net_mode_before.replace('bridge', 'default') + net_mode_before = net_mode_before.replace('slirp4netns', 'default') + return self._diff_update_and_compare('network', net_mode_before, net_mode_after) + # If container is attached to network of a different container + if "container" in net_mode_before: + for netw in after: + if "container" in netw: + before = after = netw + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('network', before, after) + + def diffparam_oom_score_adj(self): + before = self.info['hostconfig']['oomscoreadj'] + after = self.params['oom_score_adj'] + return self._diff_update_and_compare('oom_score_adj', before, after) + + def diffparam_privileged(self): + before = self.info['hostconfig']['privileged'] + after = self.params['privileged'] + return self._diff_update_and_compare('privileged', before, after) + + def diffparam_pid(self): + before = self.info['hostconfig']['pidmode'] + after = self.params['pid'] + return self._diff_update_and_compare('pid', before, after) + + # TODO(sshnaidm) Need to add port ranges support + def diffparam_publish(self): + def compose(p, h): + s = ":".join( + [str(h["hostport"]), p.replace('/tcp', '')] + ).strip(":") + if h['hostip']: + return ":".join([h['hostip'], s]) + return s + + ports = self.info['hostconfig']['portbindings'] + before = [] + for port, hosts in ports.items(): + if hosts: + for h in hosts: + before.append(compose(port, h)) + after = self.params['publish'] or [] + if self.params['publish_all']: + image_ports = self.image_info.get('config', {}).get('exposedports', {}) + if image_ports: + after += list(image_ports.keys()) + after = [ + i.replace("/tcp", "").replace("[", "").replace("]", "") + for i in after] + # No support for port ranges yet + for ports in after: + if "-" in ports: + return self._diff_update_and_compare('publish', '', '') + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('publish', before, after) + + def diffparam_read_only(self): + before = self.info['hostconfig']['readonlyrootfs'] + after = self.params['read_only'] + return self._diff_update_and_compare('read_only', before, after) + + def diffparam_restart_policy(self): + before = self.info['hostconfig']['restartpolicy']['name'] + after = self.params['restart_policy'] or "" + return self._diff_update_and_compare('restart_policy', before, after) + + def diffparam_rm(self): + before = self.info['hostconfig']['autoremove'] + after = self.params['rm'] + return self._diff_update_and_compare('rm', before, after) + + def diffparam_security_opt(self): + before = self.info['hostconfig']['securityopt'] + # In rootful containers with apparmor there is a default security opt + before = [o for o in before if 'apparmor=containers-default' not in o] + after = self.params['security_opt'] + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('security_opt', before, after) + + def diffparam_stop_signal(self): + before = normalize_signal(self.info['config']['stopsignal']) + after = normalize_signal(self.params['stop_signal']) + return self._diff_update_and_compare('stop_signal', before, after) + + def diffparam_timezone(self): + before = self.info['config'].get('timezone') + after = self.params['timezone'] + return self._diff_update_and_compare('timezone', before, after) + + def diffparam_tty(self): + before = self.info['config']['tty'] + after = self.params['tty'] + return self._diff_update_and_compare('tty', before, after) + + def diffparam_user(self): + before = self.info['config']['user'] + after = self.params['user'] + return self._diff_update_and_compare('user', before, after) + + def diffparam_ulimit(self): + after = self.params['ulimit'] or [] + # In case of latest podman + if 'createcommand' in self.info['config']: + ulimits = [] + for k, c in enumerate(self.info['config']['createcommand']): + if c == '--ulimit': + ulimits.append(self.info['config']['createcommand'][k + 1]) + before = ulimits + before, after = sorted(before), sorted(after) + return self._diff_update_and_compare('ulimit', before, after) + if after: + ulimits = self.info['hostconfig']['ulimits'] + before = { + u['name'].replace('rlimit_', ''): "%s:%s" % (u['soft'], u['hard']) for u in ulimits} + after = {i.split('=')[0]: i.split('=')[1] + for i in self.params['ulimit']} + new_before = [] + new_after = [] + for u in list(after.keys()): + # We don't support unlimited ulimits because it depends on platform + if u in before and "-1" not in after[u]: + new_before.append([u, before[u]]) + new_after.append([u, after[u]]) + return self._diff_update_and_compare('ulimit', new_before, new_after) + return self._diff_update_and_compare('ulimit', '', '') + + def diffparam_uts(self): + before = self.info['hostconfig']['utsmode'] + after = self.params['uts'] + if self.params['pod'] and not self.module_params['uts']: + after = before + return self._diff_update_and_compare('uts', before, after) + + def diffparam_volume(self): + def clean_volume(x): + '''Remove trailing and double slashes from volumes.''' + if not x.rstrip("/"): + return "/" + return x.replace("//", "/").rstrip("/") + + before = self.info['mounts'] + before_local_vols = [] + if before: + volumes = [] + local_vols = [] + for m in before: + if m['type'] != 'volume': + volumes.append( + [ + clean_volume(m['source']), + clean_volume(m['destination']) + ]) + elif m['type'] == 'volume': + local_vols.append( + [m['name'], clean_volume(m['destination'])]) + before = [":".join(v) for v in volumes] + before_local_vols = [":".join(v) for v in local_vols] + if self.params['volume'] is not None: + after = [":".join( + [clean_volume(i) for i in v.split(":")[:2]] + ) for v in self.params['volume']] + else: + after = [] + if before_local_vols: + after = list(set(after).difference(before_local_vols)) + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('volume', before, after) + + def diffparam_volumes_from(self): + # Possibly volumesfrom is not in config + before = self.info['hostconfig'].get('volumesfrom', []) or [] + after = self.params['volumes_from'] or [] + return self._diff_update_and_compare('volumes_from', before, after) + + def diffparam_workdir(self): + before = self.info['config']['workingdir'] + after = self.params['workdir'] + return self._diff_update_and_compare('workdir', before, after) + + def is_different(self): + diff_func_list = [func for func in dir(self) + if callable(getattr(self, func)) and func.startswith( + "diffparam")] + fail_fast = not bool(self.module._diff) + different = False + for func_name in diff_func_list: + dff_func = getattr(self, func_name) + if dff_func(): + if fail_fast: + return True + different = True + # Check non idempotent parameters + for p in self.non_idempotent: + if self.module_params[p] is not None and self.module_params[p] not in [{}, [], '']: + different = True + return different + + +def ensure_image_exists(module, image, module_params): + """If image is passed, ensure it exists, if not - pull it or fail. + + Arguments: + module {obj} -- ansible module object + image {str} -- name of image + + Returns: + list -- list of image actions - if it pulled or nothing was done + """ + image_actions = [] + module_exec = module_params['executable'] + is_rootfs = module_params['rootfs'] + + if is_rootfs: + if not os.path.exists(image) or not os.path.isdir(image): + module.fail_json(msg="Image rootfs doesn't exist %s" % image) + return image_actions + if not image: + return image_actions + rc, out, err = module.run_command([module_exec, 'image', 'exists', image]) + if rc == 0: + return image_actions + rc, out, err = module.run_command([module_exec, 'image', 'pull', image]) + if rc != 0: + module.fail_json(msg="Can't pull image %s" % image, stdout=out, + stderr=err) + image_actions.append("pulled image %s" % image) + return image_actions + + +class PodmanContainer: + """Perform container tasks. + + Manages podman container, inspects it and checks its current state + """ + + def __init__(self, module, name, module_params): + """Initialize PodmanContainer class. + + Arguments: + module {obj} -- ansible module object + name {str} -- name of container + """ + + self.module = module + self.module_params = module_params + self.name = name + self.stdout, self.stderr = '', '' + self.info = self.get_info() + self.version = self._get_podman_version() + self.diff = {} + self.actions = [] + + @property + def exists(self): + """Check if container exists.""" + return bool(self.info != {}) + + @property + def different(self): + """Check if container is different.""" + diffcheck = PodmanContainerDiff( + self.module, + self.module_params, + self.info, + self.get_image_info(), + self.version) + is_different = diffcheck.is_different() + diffs = diffcheck.diff + if self.module._diff and is_different and diffs['before'] and diffs['after']: + self.diff['before'] = "\n".join( + ["%s - %s" % (k, v) for k, v in sorted( + diffs['before'].items())]) + "\n" + self.diff['after'] = "\n".join( + ["%s - %s" % (k, v) for k, v in sorted( + diffs['after'].items())]) + "\n" + return is_different + + @property + def running(self): + """Return True if container is running now.""" + return self.exists and self.info['State']['Running'] + + @property + def stopped(self): + """Return True if container exists and is not running now.""" + return self.exists and not self.info['State']['Running'] + + def get_info(self): + """Inspect container and gather info about it.""" + # pylint: disable=unused-variable + rc, out, err = self.module.run_command( + [self.module_params['executable'], b'container', b'inspect', self.name]) + return json.loads(out)[0] if rc == 0 else {} + + def get_image_info(self): + """Inspect container image and gather info about it.""" + # pylint: disable=unused-variable + is_rootfs = self.module_params['rootfs'] + if is_rootfs: + return {'Id': self.module_params['image']} + rc, out, err = self.module.run_command( + [self.module_params['executable'], b'image', b'inspect', self.module_params['image']]) + return json.loads(out)[0] if rc == 0 else {} + + def _get_podman_version(self): + # pylint: disable=unused-variable + rc, out, err = self.module.run_command( + [self.module_params['executable'], b'--version']) + if rc != 0 or not out or "version" not in out: + self.module.fail_json(msg="%s run failed!" % + self.module_params['executable']) + return out.split("version")[1].strip() + + def _perform_action(self, action): + """Perform action with container. + + Arguments: + action {str} -- action to perform - start, create, stop, run, + delete, restart + """ + b_command = PodmanModuleParams(action, + self.module_params, + self.version, + self.module, + ).construct_command_from_params() + if action == 'create': + b_command.remove(b'--detach=True') + full_cmd = " ".join([self.module_params['executable']] + + [to_native(i) for i in b_command]) + self.actions.append(full_cmd) + if self.module.check_mode: + self.module.log( + "PODMAN-CONTAINER-DEBUG (check_mode): %s" % full_cmd) + else: + rc, out, err = self.module.run_command( + [self.module_params['executable'], b'container'] + b_command, + expand_user_and_vars=False) + self.module.log("PODMAN-CONTAINER-DEBUG: %s" % full_cmd) + if self.module_params['debug']: + self.module.log("PODMAN-CONTAINER-DEBUG STDOUT: %s" % out) + self.module.log("PODMAN-CONTAINER-DEBUG STDERR: %s" % err) + self.module.log("PODMAN-CONTAINER-DEBUG RC: %s" % rc) + self.stdout = out + self.stderr = err + if rc != 0: + self.module.fail_json( + msg="Can't %s container %s" % (action, self.name), + stdout=out, stderr=err) + + def run(self): + """Run the container.""" + self._perform_action('run') + + def delete(self): + """Delete the container.""" + self._perform_action('delete') + + def stop(self): + """Stop the container.""" + self._perform_action('stop') + + def start(self): + """Start the container.""" + self._perform_action('start') + + def restart(self): + """Restart the container.""" + self._perform_action('restart') + + def create(self): + """Create the container.""" + self._perform_action('create') + + def recreate(self): + """Recreate the container.""" + if self.running: + self.stop() + if not self.info['HostConfig']['AutoRemove']: + self.delete() + self.create() + + def recreate_run(self): + """Recreate and run the container.""" + if self.running: + self.stop() + if not self.info['HostConfig']['AutoRemove']: + self.delete() + self.run() + + +class PodmanManager: + """Module manager class. + + Defines according to parameters what actions should be applied to container + """ + + def __init__(self, module, params): + """Initialize PodmanManager class. + + Arguments: + module {obj} -- ansible module object + """ + + self.module = module + self.results = { + 'changed': False, + 'actions': [], + 'container': {}, + } + self.module_params = params + self.name = self.module_params['name'] + self.executable = \ + self.module.get_bin_path(self.module_params['executable'], + required=True) + self.image = self.module_params['image'] + image_actions = ensure_image_exists( + self.module, self.image, self.module_params) + self.results['actions'] += image_actions + self.state = self.module_params['state'] + self.restart = self.module_params['force_restart'] + self.recreate = self.module_params['recreate'] + + if self.module_params['generate_systemd'].get('new'): + self.module_params['rm'] = True + + self.container = PodmanContainer( + self.module, self.name, self.module_params) + + def update_container_result(self, changed=True): + """Inspect the current container, update results with last info, exit. + + Keyword Arguments: + changed {bool} -- whether any action was performed + (default: {True}) + """ + facts = self.container.get_info() if changed else self.container.info + out, err = self.container.stdout, self.container.stderr + self.results.update({'changed': changed, 'container': facts, + 'podman_actions': self.container.actions}, + stdout=out, stderr=err) + if self.container.diff: + self.results.update({'diff': self.container.diff}) + if self.module.params['debug'] or self.module_params['debug']: + self.results.update({'podman_version': self.container.version}) + self.results.update( + {'podman_systemd': generate_systemd(self.module, + self.module_params, + self.name, + self.container.version)}) + + def make_started(self): + """Run actions if desired state is 'started'.""" + if not self.image: + if not self.container.exists: + self.module.fail_json(msg='Cannot start container when image' + ' is not specified!') + if self.restart: + self.container.restart() + self.results['actions'].append('restarted %s' % + self.container.name) + else: + self.container.start() + self.results['actions'].append('started %s' % + self.container.name) + self.update_container_result() + return + if self.container.exists and self.restart: + if self.container.running: + self.container.restart() + self.results['actions'].append('restarted %s' % + self.container.name) + else: + self.container.start() + self.results['actions'].append('started %s' % + self.container.name) + self.update_container_result() + return + if self.container.running and \ + (self.container.different or self.recreate): + self.container.recreate_run() + self.results['actions'].append('recreated %s' % + self.container.name) + self.update_container_result() + return + elif self.container.running and not self.container.different: + if self.restart: + self.container.restart() + self.results['actions'].append('restarted %s' % + self.container.name) + self.update_container_result() + return + self.update_container_result(changed=False) + return + elif not self.container.exists: + self.container.run() + self.results['actions'].append('started %s' % self.container.name) + self.update_container_result() + return + elif self.container.stopped and self.container.different: + self.container.recreate_run() + self.results['actions'].append('recreated %s' % + self.container.name) + self.update_container_result() + return + elif self.container.stopped and not self.container.different: + self.container.start() + self.results['actions'].append('started %s' % self.container.name) + self.update_container_result() + return + + def make_created(self): + """Run actions if desired state is 'created'.""" + if not self.container.exists and not self.image: + self.module.fail_json(msg='Cannot create container when image' + ' is not specified!') + if not self.container.exists: + self.container.create() + self.results['actions'].append('created %s' % self.container.name) + self.update_container_result() + return + else: + if (self.container.different or self.recreate): + self.container.recreate() + self.results['actions'].append('recreated %s' % + self.container.name) + if self.container.running: + self.container.start() + self.results['actions'].append('started %s' % + self.container.name) + self.update_container_result() + return + elif self.restart: + if self.container.running: + self.container.restart() + self.results['actions'].append('restarted %s' % + self.container.name) + else: + self.container.start() + self.results['actions'].append('started %s' % + self.container.name) + self.update_container_result() + return + self.update_container_result(changed=False) + return + + def make_stopped(self): + """Run actions if desired state is 'stopped'.""" + if not self.container.exists and not self.image: + self.module.fail_json(msg='Cannot create container when image' + ' is not specified!') + if not self.container.exists: + self.container.create() + self.results['actions'].append('created %s' % self.container.name) + self.update_container_result() + return + if self.container.stopped: + self.update_container_result(changed=False) + return + elif self.container.running: + self.container.stop() + self.results['actions'].append('stopped %s' % self.container.name) + self.update_container_result() + return + + def make_absent(self): + """Run actions if desired state is 'absent'.""" + if not self.container.exists: + self.results.update({'changed': False}) + elif self.container.exists: + delete_systemd(self.module, + self.module_params, + self.name, + self.container.version) + self.container.delete() + self.results['actions'].append('deleted %s' % self.container.name) + self.results.update({'changed': True}) + self.results.update({'container': {}, + 'podman_actions': self.container.actions}) + + def execute(self): + """Execute the desired action according to map of actions & states.""" + states_map = { + 'present': self.make_created, + 'started': self.make_started, + 'absent': self.make_absent, + 'stopped': self.make_stopped, + 'created': self.make_created, + } + process_action = states_map[self.state] + process_action() + return self.results diff --git a/ansible_collections/containers/podman/plugins/module_utils/podman/podman_pod_lib.py b/ansible_collections/containers/podman/plugins/module_utils/podman/podman_pod_lib.py new file mode 100644 index 000000000..0b4afc0bc --- /dev/null +++ b/ansible_collections/containers/podman/plugins/module_utils/podman/podman_pod_lib.py @@ -0,0 +1,880 @@ +from __future__ import (absolute_import, division, print_function) +import json + +from ansible.module_utils._text import to_bytes, to_native +from ansible_collections.containers.podman.plugins.module_utils.podman.common import LooseVersion +from ansible_collections.containers.podman.plugins.module_utils.podman.common import lower_keys +from ansible_collections.containers.podman.plugins.module_utils.podman.common import generate_systemd +from ansible_collections.containers.podman.plugins.module_utils.podman.common import delete_systemd + + +__metaclass__ = type + +ARGUMENTS_SPEC_POD = dict( + state=dict( + type='str', + default="created", + choices=[ + 'created', + 'killed', + 'restarted', + 'absent', + 'started', + 'stopped', + 'paused', + 'unpaused', + ]), + recreate=dict(type='bool', default=False), + add_host=dict(type='list', required=False, elements='str'), + cgroup_parent=dict(type='str', required=False), + cpus=dict(type='str', required=False), + cpuset_cpus=dict(type='str', required=False), + device=dict(type='list', elements='str', required=False), + device_read_bps=dict(type='list', elements='str', required=False), + dns=dict(type='list', elements='str', required=False), + dns_opt=dict(type='list', elements='str', required=False), + dns_search=dict(type='list', elements='str', required=False), + generate_systemd=dict(type='dict', default={}), + gidmap=dict(type='list', elements='str', required=False), + hostname=dict(type='str', required=False), + infra=dict(type='bool', required=False), + infra_conmon_pidfile=dict(type='str', required=False), + infra_command=dict(type='str', required=False), + infra_image=dict(type='str', required=False), + infra_name=dict(type='str', required=False), + ip=dict(type='str', required=False), + label=dict(type='dict', required=False), + label_file=dict(type='str', required=False), + mac_address=dict(type='str', required=False), + name=dict(type='str', required=True), + network=dict(type='list', elements='str', required=False), + network_alias=dict(type='list', elements='str', required=False, + aliases=['network_aliases']), + no_hosts=dict(type='bool', required=False), + pid=dict(type='str', required=False), + pod_id_file=dict(type='str', required=False), + publish=dict(type='list', required=False, + elements='str', aliases=['ports']), + share=dict(type='str', required=False), + subgidname=dict(type='str', required=False), + subuidname=dict(type='str', required=False), + uidmap=dict(type='list', elements='str', required=False), + userns=dict(type='str', required=False), + volume=dict(type='list', elements='str', aliases=['volumes'], + required=False), + executable=dict(type='str', required=False, default='podman'), + debug=dict(type='bool', default=False), +) + + +class PodmanPodModuleParams: + """Creates list of arguments for podman CLI command. + + Arguments: + action {str} -- action type from 'run', 'stop', 'create', 'delete', + 'start' + params {dict} -- dictionary of module parameters + + """ + + def __init__(self, action, params, podman_version, module): + self.params = params + self.action = action + self.podman_version = podman_version + self.module = module + + def construct_command_from_params(self): + """Create a podman command from given module parameters. + + Returns: + list -- list of byte strings for Popen command + """ + if self.action in ['start', 'restart', 'stop', 'delete', 'pause', + 'unpause', 'kill']: + return self._simple_action() + if self.action in ['create']: + return self._create_action() + self.module.fail_json(msg="Unknown action %s" % self.action) + + def _simple_action(self): + if self.action in ['start', 'restart', 'stop', 'pause', 'unpause', 'kill']: + cmd = [self.action, self.params['name']] + return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] + + if self.action == 'delete': + cmd = ['rm', '-f', self.params['name']] + return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] + self.module.fail_json(msg="Unknown action %s" % self.action) + + def _create_action(self): + cmd = [self.action] + all_param_methods = [func for func in dir(self) + if callable(getattr(self, func)) + and func.startswith("addparam")] + params_set = (i for i in self.params if self.params[i] is not None) + for param in params_set: + func_name = "_".join(["addparam", param]) + if func_name in all_param_methods: + cmd = getattr(self, func_name)(cmd) + return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] + + def check_version(self, param, minv=None, maxv=None): + if minv and LooseVersion(minv) > LooseVersion( + self.podman_version): + self.module.fail_json(msg="Parameter %s is supported from podman " + "version %s only! Current version is %s" % ( + param, minv, self.podman_version)) + if maxv and LooseVersion(maxv) < LooseVersion( + self.podman_version): + self.module.fail_json(msg="Parameter %s is supported till podman " + "version %s only! Current version is %s" % ( + param, minv, self.podman_version)) + + def addparam_add_host(self, c): + for g in self.params['add_host']: + c += ['--add-host', g] + return c + + def addparam_cgroup_parent(self, c): + return c + ['--cgroup-parent', self.params['cgroup_parent']] + + def addparam_cpus(self, c): + return c + ['--cpus', self.params['cpus']] + + def addparam_cpuset_cpus(self, c): + return c + ['--cpuset-cpus', self.params['cpuset_cpus']] + + def addparam_device(self, c): + for dev in self.params['device']: + c += ['--device', dev] + return c + + def addparam_device_read_bps(self, c): + for dev in self.params['device_read_bps']: + c += ['--device-read-bps', dev] + return c + + def addparam_dns(self, c): + for g in self.params['dns']: + c += ['--dns', g] + return c + + def addparam_dns_opt(self, c): + for g in self.params['dns_opt']: + c += ['--dns-opt', g] + return c + + def addparam_dns_search(self, c): + for g in self.params['dns_search']: + c += ['--dns-search', g] + return c + + def addparam_gidmap(self, c): + for gidmap in self.params['gidmap']: + c += ['--gidmap', gidmap] + return c + + def addparam_hostname(self, c): + return c + ['--hostname', self.params['hostname']] + + def addparam_infra(self, c): + return c + [b'='.join([b'--infra', + to_bytes(self.params['infra'], + errors='surrogate_or_strict')])] + + def addparam_infra_conmon_pidfile(self, c): + return c + ['--infra-conmon-pidfile', self.params['infra_conmon_pidfile']] + + def addparam_infra_command(self, c): + return c + ['--infra-command', self.params['infra_command']] + + def addparam_infra_image(self, c): + return c + ['--infra-image', self.params['infra_image']] + + def addparam_infra_name(self, c): + return c + ['--infra-name', self.params['infra_name']] + + def addparam_ip(self, c): + return c + ['--ip', self.params['ip']] + + def addparam_label(self, c): + for label in self.params['label'].items(): + c += ['--label', b'='.join( + [to_bytes(i, errors='surrogate_or_strict') for i in label])] + return c + + def addparam_label_file(self, c): + return c + ['--label-file', self.params['label_file']] + + def addparam_mac_address(self, c): + return c + ['--mac-address', self.params['mac_address']] + + def addparam_name(self, c): + return c + ['--name', self.params['name']] + + def addparam_network(self, c): + if LooseVersion(self.podman_version) >= LooseVersion('4.0.0'): + for net in self.params['network']: + c += ['--network', net] + return c + return c + ['--network', ",".join(self.params['network'])] + + def addparam_network_aliases(self, c): + for alias in self.params['network_aliases']: + c += ['--network-alias', alias] + return c + + def addparam_no_hosts(self, c): + return c + ["=".join('--no-hosts', self.params['no_hosts'])] + + def addparam_pid(self, c): + return c + ['--pid', self.params['pid']] + + def addparam_pod_id_file(self, c): + return c + ['--pod-id-file', self.params['pod_id_file']] + + def addparam_publish(self, c): + for g in self.params['publish']: + c += ['--publish', g] + return c + + def addparam_share(self, c): + return c + ['--share', self.params['share']] + + def addparam_subgidname(self, c): + return c + ['--subgidname', self.params['subgidname']] + + def addparam_subuidname(self, c): + return c + ['--subuidname', self.params['subuidname']] + + def addparam_uidmap(self, c): + for uidmap in self.params['uidmap']: + c += ['--uidmap', uidmap] + return c + + def addparam_userns(self, c): + return c + ['--userns', self.params['userns']] + + def addparam_volume(self, c): + for vol in self.params['volume']: + if vol: + c += ['--volume', vol] + return c + + +class PodmanPodDefaults: + def __init__(self, module, podman_version): + self.module = module + self.version = podman_version + self.defaults = { + 'add_host': [], + 'dns': [], + 'dns_opt': [], + 'dns_search': [], + 'infra': True, + 'label': {}, + } + + def default_dict(self): + # make here any changes to self.defaults related to podman version + # https://github.com/containers/libpod/pull/5669 + # if (LooseVersion(self.version) >= LooseVersion('1.8.0') + # and LooseVersion(self.version) < LooseVersion('1.9.0')): + # self.defaults['cpu_shares'] = 1024 + return self.defaults + + +class PodmanPodDiff: + def __init__(self, module, module_params, info, infra_info, podman_version): + self.module = module + self.module_params = module_params + self.version = podman_version + self.default_dict = None + self.info = lower_keys(info) + self.infra_info = lower_keys(infra_info) + self.params = self.defaultize() + self.diff = {'before': {}, 'after': {}} + self.non_idempotent = {} + + def defaultize(self): + params_with_defaults = {} + self.default_dict = PodmanPodDefaults( + self.module, self.version).default_dict() + for p in self.module_params: + if self.module_params[p] is None and p in self.default_dict: + params_with_defaults[p] = self.default_dict[p] + else: + params_with_defaults[p] = self.module_params[p] + return params_with_defaults + + def _diff_update_and_compare(self, param_name, before, after): + if before != after: + self.diff['before'].update({param_name: before}) + self.diff['after'].update({param_name: after}) + return True + return False + + def diffparam_add_host(self): + if not self.infra_info: + return self._diff_update_and_compare('add_host', '', '') + before = self.infra_info['hostconfig']['extrahosts'] or [] + after = self.params['add_host'] + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('add_host', before, after) + + def diffparam_cgroup_parent(self): + if 'cgroupparent' in self.info: + before = self.info['cgroupparent'] + elif 'config' in self.info and self.info['config'].get('cgroupparent'): + before = self.info['config']['cgroupparent'] + after = self.params['cgroup_parent'] or before + return self._diff_update_and_compare('cgroup_parent', before, after) + + def diffparam_dns(self): + if not self.infra_info: + return self._diff_update_and_compare('dns', '', '') + before = self.infra_info['hostconfig']['dns'] or [] + after = self.params['dns'] + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('dns', before, after) + + def diffparam_dns_opt(self): + if not self.infra_info: + return self._diff_update_and_compare('dns_opt', '', '') + before = self.infra_info['hostconfig']['dnsoptions'] or [] + after = self.params['dns_opt'] + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('dns_opt', before, after) + + def diffparam_dns_search(self): + if not self.infra_info: + return self._diff_update_and_compare('dns_search', '', '') + before = self.infra_info['hostconfig']['dnssearch'] or [] + after = self.params['dns_search'] + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('dns_search', before, after) + + def diffparam_hostname(self): + if not self.infra_info: + return self._diff_update_and_compare('hostname', '', '') + before = self.infra_info['config']['hostname'] + after = self.params['hostname'] or before + return self._diff_update_and_compare('hostname', before, after) + + # TODO(sshnaidm): https://github.com/containers/podman/issues/6968 + def diffparam_infra(self): + if 'state' in self.info and 'infracontainerid' in self.info['state']: + before = self.info['state']['infracontainerid'] != "" + else: + # TODO(sshnaidm): https://github.com/containers/podman/issues/6968 + before = 'infracontainerid' in self.info + after = self.params['infra'] + return self._diff_update_and_compare('infra', before, after) + + # TODO(sshnaidm): https://github.com/containers/podman/issues/6969 + # def diffparam_infra_command(self): + # before = str(self.info['hostconfig']['infra_command']) + # after = self.params['infra_command'] + # return self._diff_update_and_compare('infra_command', before, after) + + def diffparam_infra_image(self): + if not self.infra_info: + return self._diff_update_and_compare('infra_image', '', '') + before = str(self.infra_info['imagename']) + after = before + if self.module_params['infra_image']: + after = self.params['infra_image'] + before = before.replace(":latest", "") + after = after.replace(":latest", "") + before = before.split("/")[-1] # pylint: disable=W,C,R + after = after.split("/")[-1] # pylint: disable=W,C,R + return self._diff_update_and_compare('infra_image', before, after) + + # TODO(sshnaidm): https://github.com/containers/podman/pull/6956 + # def diffparam_ip(self): + # before = str(self.info['hostconfig']['ip']) + # after = self.params['ip'] + # return self._diff_update_and_compare('ip', before, after) + + def diffparam_label(self): + if 'config' in self.info and 'labels' in self.info['config']: + before = self.info['config'].get('labels') or {} + else: + before = self.info['labels'] if 'labels' in self.info else {} + after = self.params['label'] + # Strip out labels that are coming from systemd files + # https://github.com/containers/ansible-podman-collections/issues/276 + if 'podman_systemd_unit' in before: + after.pop('podman_systemd_unit', None) + before.pop('podman_systemd_unit', None) + return self._diff_update_and_compare('label', before, after) + + # TODO(sshnaidm): https://github.com/containers/podman/pull/6956 + # def diffparam_mac_address(self): + # before = str(self.info['hostconfig']['mac_address']) + # after = self.params['mac_address'] + # return self._diff_update_and_compare('mac_address', before, after) + + def diffparam_network(self): + if not self.infra_info: + return self._diff_update_and_compare('network', [], []) + net_mode_before = self.infra_info['hostconfig']['networkmode'] + net_mode_after = '' + before = list(self.infra_info['networksettings'].get('networks', {})) + # Remove default 'podman' network in v3 for comparison + if before == ['podman']: + before = [] + after = self.params['network'] or [] + # Special case for options for slirp4netns rootless networking from v2 + if net_mode_before == 'slirp4netns' and 'createcommand' in self.info: + cr_com = self.info['createcommand'] + if '--network' in cr_com: + cr_net = cr_com[cr_com.index('--network') + 1].lower() + if 'slirp4netns:' in cr_net: + before = [cr_net] + # Currently supported only 'host' and 'none' network modes idempotency + if after in [['bridge'], ['host'], ['slirp4netns']]: + net_mode_after = after[0] + + if net_mode_after and not before: + # Remove differences between v1 and v2 + net_mode_after = net_mode_after.replace('bridge', 'default') + net_mode_after = net_mode_after.replace('slirp4netns', 'default') + net_mode_before = net_mode_before.replace('bridge', 'default') + net_mode_before = net_mode_before.replace('slirp4netns', 'default') + return self._diff_update_and_compare('network', net_mode_before, net_mode_after) + # For 4.4.0+ podman versions with no network specified + if not net_mode_after and net_mode_before == 'slirp4netns' and not after: + net_mode_after = 'slirp4netns' + if before == ['slirp4netns']: + after = ['slirp4netns'] + if not net_mode_after and net_mode_before == 'bridge' and not after: + net_mode_after = 'bridge' + if before == ['bridge']: + after = ['bridge'] + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('network', before, after) + + # TODO(sshnaidm) + # def diffparam_no_hosts(self): + # before = str(self.info['hostconfig']['no_hosts']) + # after = self.params['no_hosts'] + # return self._diff_update_and_compare('no_hosts', before, after) + + # TODO(sshnaidm) Need to add port ranges support + def diffparam_publish(self): + def compose(p, h): + s = ":".join( + [str(h["hostport"]), p.replace('/tcp', '')] + ).strip(":") + if h['hostip']: + return ":".join([h['hostip'], s]) + return s + + if not self.infra_info: + return self._diff_update_and_compare('publish', '', '') + + ports = self.infra_info['hostconfig']['portbindings'] + before = [] + for port, hosts in ports.items(): + if hosts: + for h in hosts: + before.append(compose(port, h)) + after = self.params['publish'] or [] + after = [ + i.replace("/tcp", "").replace("[", "").replace("]", "") + for i in after] + # No support for port ranges yet + for ports in after: + if "-" in ports: + return self._diff_update_and_compare('publish', '', '') + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('publish', before, after) + + def diffparam_share(self): + if not self.infra_info: + return self._diff_update_and_compare('share', '', '') + if 'sharednamespaces' in self.info: + before = self.info['sharednamespaces'] + elif 'config' in self.info: + before = [ + i.split('shares')[1].lower() + for i in self.info['config'] if 'shares' in i] + # TODO(sshnaidm): to discover why in podman v1 'cgroup' appears + before.remove('cgroup') + else: + before = [] + if self.params['share'] is not None: + after = self.params['share'].split(",") + else: + after = ['uts', 'ipc', 'net'] + # TODO: find out why on Ubuntu the 'net' is not present + if 'net' not in before: + after.remove('net') + if self.params["uidmap"] or self.params["gidmap"]: + after.append('user') + + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('share', before, after) + + def is_different(self): + diff_func_list = [func for func in dir(self) + if callable(getattr(self, func)) and func.startswith( + "diffparam")] + fail_fast = not bool(self.module._diff) + different = False + for func_name in diff_func_list: + dff_func = getattr(self, func_name) + if dff_func(): + if fail_fast: + return True + different = True + # Check non idempotent parameters + for p in self.non_idempotent: + if self.module_params[p] is not None and self.module_params[p] not in [{}, [], '']: + different = True + return different + + +class PodmanPod: + """Perform pod tasks. + + Manages podman pod, inspects it and checks its current state + """ + + def __init__(self, module, name, module_params): + """Initialize PodmanPod class. + + Arguments: + module {obj} -- ansible module object + name {str} -- name of pod + """ + + self.module = module + self.module_params = module_params + self.name = name + self.stdout, self.stderr = '', '' + self.info = self.get_info() + self.infra_info = self.get_infra_info() + self.version = self._get_podman_version() + self.diff = {} + self.actions = [] + + @property + def exists(self): + """Check if pod exists.""" + return bool(self.info != {}) + + @property + def different(self): + """Check if pod is different.""" + diffcheck = PodmanPodDiff( + self.module, + self.module_params, + self.info, + self.infra_info, + self.version) + is_different = diffcheck.is_different() + diffs = diffcheck.diff + if self.module._diff and is_different and diffs['before'] and diffs['after']: + self.diff['before'] = "\n".join( + ["%s - %s" % (k, v) for k, v in sorted( + diffs['before'].items())]) + "\n" + self.diff['after'] = "\n".join( + ["%s - %s" % (k, v) for k, v in sorted( + diffs['after'].items())]) + "\n" + return is_different + + @property + def running(self): + """Return True if pod is running now.""" + if 'status' in self.info['State']: + return self.info['State']['status'] == 'Running' + # older podman versions (1.6.x) don't have status in 'podman pod inspect' + # if other methods fail, use 'podman pod ps' + ps_info = self.get_ps() + if 'status' in ps_info: + return ps_info['status'] == 'Running' + return self.info['State'] == 'Running' + + @property + def paused(self): + """Return True if pod is paused now.""" + if 'status' in self.info['State']: + return self.info['State']['status'] == 'Paused' + return self.info['State'] == 'Paused' + + @property + def stopped(self): + """Return True if pod exists and is not running now.""" + if not self.exists: + return False + if 'status' in self.info['State']: + return not (self.info['State']['status'] == 'Running') + return not (self.info['State'] == 'Running') + + def get_info(self): + """Inspect pod and gather info about it.""" + # pylint: disable=unused-variable + rc, out, err = self.module.run_command( + [self.module_params['executable'], b'pod', b'inspect', self.name]) + return json.loads(out) if rc == 0 else {} + + def get_ps(self): + """Inspect pod process and gather info about it.""" + # pylint: disable=unused-variable + rc, out, err = self.module.run_command( + [self.module_params['executable'], b'pod', b'ps', b'--format', b'json', b'--filter', 'name=' + self.name]) + return json.loads(out)[0] if rc == 0 else {} + + def get_infra_info(self): + """Inspect pod and gather info about it.""" + if not self.info: + return {} + if 'InfraContainerID' in self.info: + infra_container_id = self.info['InfraContainerID'] + elif 'State' in self.info and 'infraContainerID' in self.info['State']: + infra_container_id = self.info['State']['infraContainerID'] + else: + return {} + # pylint: disable=unused-variable + rc, out, err = self.module.run_command( + [self.module_params['executable'], b'inspect', infra_container_id]) + return json.loads(out)[0] if rc == 0 else {} + + def _get_podman_version(self): + # pylint: disable=unused-variable + rc, out, err = self.module.run_command( + [self.module_params['executable'], b'--version']) + if rc != 0 or not out or "version" not in out: + self.module.fail_json(msg="%s run failed!" % self.module_params['executable']) + return out.split("version")[1].strip() + + def _perform_action(self, action): + """Perform action with pod. + + Arguments: + action {str} -- action to perform - start, create, stop, pause + unpause, delete, restart, kill + """ + b_command = PodmanPodModuleParams(action, + self.module_params, + self.version, + self.module, + ).construct_command_from_params() + full_cmd = " ".join([self.module_params['executable'], 'pod'] + + [to_native(i) for i in b_command]) + self.module.log("PODMAN-POD-DEBUG: %s" % full_cmd) + self.actions.append(full_cmd) + if not self.module.check_mode: + rc, out, err = self.module.run_command( + [self.module_params['executable'], b'pod'] + b_command, + expand_user_and_vars=False) + self.stdout = out + self.stderr = err + if rc != 0: + self.module.fail_json( + msg="Can't %s pod %s" % (action, self.name), + stdout=out, stderr=err) + + def delete(self): + """Delete the pod.""" + self._perform_action('delete') + + def stop(self): + """Stop the pod.""" + self._perform_action('stop') + + def start(self): + """Start the pod.""" + self._perform_action('start') + + def create(self): + """Create the pod.""" + self._perform_action('create') + + def recreate(self): + """Recreate the pod.""" + self.delete() + self.create() + + def restart(self): + """Restart the pod.""" + self._perform_action('restart') + + def kill(self): + """Kill the pod.""" + self._perform_action('kill') + + def pause(self): + """Pause the pod.""" + self._perform_action('pause') + + def unpause(self): + """Unpause the pod.""" + self._perform_action('unpause') + + +class PodmanPodManager: + """Module manager class. + + Defines according to parameters what actions should be applied to pod + """ + + def __init__(self, module, params): + """Initialize PodmanManager class. + + Arguments: + module {obj} -- ansible module object + """ + + self.module = module + self.module_params = params + self.results = { + 'changed': False, + 'actions': [], + 'pod': {}, + } + self.name = self.module_params['name'] + self.executable = \ + self.module.get_bin_path(self.module_params['executable'], + required=True) + self.state = self.module_params['state'] + self.recreate = self.module_params['recreate'] + self.pod = PodmanPod(self.module, self.name, self.module_params) + + def update_pod_result(self, changed=True): + """Inspect the current pod, update results with last info, exit. + + Keyword Arguments: + changed {bool} -- whether any action was performed + (default: {True}) + """ + facts = self.pod.get_info() if changed else self.pod.info + out, err = self.pod.stdout, self.pod.stderr + self.results.update({'changed': changed, 'pod': facts, + 'podman_actions': self.pod.actions}, + stdout=out, stderr=err) + if self.pod.diff: + self.results.update({'diff': self.pod.diff}) + if self.module.params['debug'] or self.module_params['debug']: + self.results.update({'podman_version': self.pod.version}) + self.results.update( + {'podman_systemd': generate_systemd(self.module, + self.module_params, + self.name, + self.pod.version)}) + + def execute(self): + """Execute the desired action according to map of actions & states.""" + states_map = { + 'created': self.make_created, + 'started': self.make_started, + 'stopped': self.make_stopped, + 'restarted': self.make_restarted, + 'absent': self.make_absent, + 'killed': self.make_killed, + 'paused': self.make_paused, + 'unpaused': self.make_unpaused, + + } + process_action = states_map[self.state] + process_action() + return self.results + + def _create_or_recreate_pod(self): + """Ensure pod exists and is exactly as it should be by input params.""" + changed = False + if self.pod.exists: + if self.pod.different or self.recreate: + self.pod.recreate() + self.results['actions'].append('recreated %s' % self.pod.name) + changed = True + elif not self.pod.exists: + self.pod.create() + self.results['actions'].append('created %s' % self.pod.name) + changed = True + return changed + + def make_created(self): + """Run actions if desired state is 'created'.""" + if self.pod.exists and not self.pod.different: + self.update_pod_result(changed=False) + return + self._create_or_recreate_pod() + self.update_pod_result() + + def make_killed(self): + """Run actions if desired state is 'killed'.""" + self._create_or_recreate_pod() + self.pod.kill() + self.results['actions'].append('killed %s' % self.pod.name) + self.update_pod_result() + + def make_paused(self): + """Run actions if desired state is 'paused'.""" + changed = self._create_or_recreate_pod() + if self.pod.paused: + self.update_pod_result(changed=changed) + return + self.pod.pause() + self.results['actions'].append('paused %s' % self.pod.name) + self.update_pod_result() + + def make_unpaused(self): + """Run actions if desired state is 'unpaused'.""" + changed = self._create_or_recreate_pod() + if not self.pod.paused: + self.update_pod_result(changed=changed) + return + self.pod.unpause() + self.results['actions'].append('unpaused %s' % self.pod.name) + self.update_pod_result() + + def make_started(self): + """Run actions if desired state is 'started'.""" + changed = self._create_or_recreate_pod() + if not changed and self.pod.running: + self.update_pod_result(changed=changed) + return + + # self.pod.unpause() TODO(sshnaidm): to unpause if state == started? + self.pod.start() + self.results['actions'].append('started %s' % self.pod.name) + self.update_pod_result() + + def make_stopped(self): + """Run actions if desired state is 'stopped'.""" + if not self.pod.exists: + self.module.fail_json("Pod %s doesn't exist!" % self.pod.name) + if self.pod.running: + self.pod.stop() + self.results['actions'].append('stopped %s' % self.pod.name) + self.update_pod_result() + elif self.pod.stopped: + self.update_pod_result(changed=False) + + def make_restarted(self): + """Run actions if desired state is 'restarted'.""" + if self.pod.exists: + self.pod.restart() + self.results['actions'].append('restarted %s' % self.pod.name) + self.results.update({'changed': True}) + self.update_pod_result() + else: + self.module.fail_json("Pod %s doesn't exist!" % self.pod.name) + + def make_absent(self): + """Run actions if desired state is 'absent'.""" + if not self.pod.exists: + self.results.update({'changed': False}) + elif self.pod.exists: + delete_systemd(self.module, + self.module_params, + self.name, + self.pod.version) + self.pod.delete() + self.results['actions'].append('deleted %s' % self.pod.name) + self.results.update({'changed': True}) + self.results.update({'pod': {}, + 'podman_actions': self.pod.actions}) diff --git a/ansible_collections/containers/podman/plugins/modules/__init__.py b/ansible_collections/containers/podman/plugins/modules/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ansible_collections/containers/podman/plugins/modules/podman_container.py b/ansible_collections/containers/podman/plugins/modules/podman_container.py new file mode 100644 index 000000000..7878352da --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_container.py @@ -0,0 +1,1063 @@ +#!/usr/bin/python +# Copyright (c) 2020 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +# flake8: noqa: E501 + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +DOCUMENTATION = r""" +module: podman_container +author: + - "Sagi Shnaidman (@sshnaidm)" +version_added: '1.0.0' +short_description: Manage podman containers +notes: [] +description: + - Start, stop, restart and manage Podman containers +requirements: + - podman +options: + name: + description: + - Name of the container + required: True + type: str + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str + state: + description: + - I(absent) - A container matching the specified name will be stopped and + removed. + - I(present) - Asserts the existence of a container matching the name and + any provided configuration parameters. If no container matches the + name, a container will be created. If a container matches the name but + the provided configuration does not match, the container will be + updated, if it can be. If it cannot be updated, it will be removed and + re-created with the requested config. Image version will be taken into + account when comparing configuration. Use the recreate option to force + the re-creation of the matching container. + - I(started) - Asserts there is a running container matching the name and + any provided configuration. If no container matches the name, a + container will be created and started. Use recreate to always re-create + a matching container, even if it is running. Use force_restart to force + a matching container to be stopped and restarted. + - I(stopped) - Asserts that the container is first I(present), and then + if the container is running moves it to a stopped state. + - I(created) - Asserts that the container exists with given configuration. + If container doesn't exist, the module creates it and leaves it in + 'created' state. If configuration doesn't match or 'recreate' option is + set, the container will be recreated + type: str + default: started + choices: + - absent + - present + - stopped + - started + - created + image: + description: + - Repository path (or image name) and tag used to create the container. + If an image is not found, the image will be pulled from the registry. + If no tag is included, C(latest) will be used. + - Can also be an image ID. If this is the case, the image is assumed to + be available locally. + type: str + annotation: + description: + - Add an annotation to the container. The format is key value, multiple + times. + type: dict + authfile: + description: + - Path of the authentication file. Default is + ``${XDG_RUNTIME_DIR}/containers/auth.json`` + (Not available for remote commands) You can also override the default + path of the authentication file by setting the ``REGISTRY_AUTH_FILE`` + environment variable. ``export REGISTRY_AUTH_FILE=path`` + type: path + blkio_weight: + description: + - Block IO weight (relative weight) accepts a weight value between 10 and + 1000 + type: int + blkio_weight_device: + description: + - Block IO weight (relative device weight, format DEVICE_NAME[:]WEIGHT). + type: dict + cap_add: + description: + - List of capabilities to add to the container. + type: list + elements: str + aliases: + - capabilities + cap_drop: + description: + - List of capabilities to drop from the container. + type: list + elements: str + cgroup_parent: + description: + - Path to cgroups under which the cgroup for the container will be + created. + If the path is not absolute, the path is considered to be relative to + the cgroups path of the init process. Cgroups will be created if they + do not already exist. + type: path + cgroupns: + description: + - Path to cgroups under which the cgroup for the container will be + created. + type: str + cgroups: + description: + - Determines whether the container will create CGroups. + Valid values are enabled and disabled, which the default being enabled. + The disabled option will force the container to not create CGroups, + and thus conflicts with CGroup options cgroupns and cgroup-parent. + type: str + cidfile: + description: + - Write the container ID to the file + type: path + cmd_args: + description: + - Any additional command options you want to pass to podman command itself, + for example C(--log-level=debug) or C(--syslog). This is NOT command to + run in container, but rather options for podman itself. + For container command please use I(command) option. + type: list + elements: str + conmon_pidfile: + description: + - Write the pid of the conmon process to a file. + conmon runs in a separate process than Podman, + so this is necessary when using systemd to restart Podman containers. + type: path + command: + description: + - Override command of container. Can be a string or a list. + type: raw + cpu_period: + description: + - Limit the CPU real-time period in microseconds + type: int + cpu_rt_period: + description: + - Limit the CPU real-time period in microseconds. + Limit the container's Real Time CPU usage. This flag tell the kernel to + restrict the container's Real Time CPU usage to the period you specify. + type: int + cpu_rt_runtime: + description: + - Limit the CPU real-time runtime in microseconds. + This flag tells the kernel to limit the amount of time in a given CPU + period Real Time tasks may consume. + type: int + cpu_shares: + description: + - CPU shares (relative weight) + type: int + cpus: + description: + - Number of CPUs. The default is 0.0 which means no limit. + type: str + cpuset_cpus: + description: + - CPUs in which to allow execution (0-3, 0,1) + type: str + cpuset_mems: + description: + - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only + effective on NUMA systems. + type: str + detach: + description: + - Run container in detach mode + type: bool + default: True + debug: + description: + - Return additional information which can be helpful for investigations. + type: bool + default: False + detach_keys: + description: + - Override the key sequence for detaching a container. Format is a single + character or ctrl-value + type: str + device: + description: + - Add a host device to the container. + The format is [:][:] + (e.g. device /dev/sdc:/dev/xvdc:rwm) + type: list + elements: str + device_read_bps: + description: + - Limit read rate (bytes per second) from a device + (e.g. device-read-bps /dev/sda:1mb) + type: list + elements: str + device_read_iops: + description: + - Limit read rate (IO per second) from a device + (e.g. device-read-iops /dev/sda:1000) + type: list + elements: str + device_write_bps: + description: + - Limit write rate (bytes per second) to a device + (e.g. device-write-bps /dev/sda:1mb) + type: list + elements: str + device_write_iops: + description: + - Limit write rate (IO per second) to a device + (e.g. device-write-iops /dev/sda:1000) + type: list + elements: str + dns: + description: + - Set custom DNS servers + type: list + elements: str + aliases: + - dns_servers + dns_option: + description: + - Set custom DNS options + type: str + aliases: + - dns_opts + dns_search: + description: + - Set custom DNS search domains (Use dns_search with '' if you don't wish + to set the search domain) + type: str + aliases: + - dns_search_domains + entrypoint: + description: + - Overwrite the default ENTRYPOINT of the image + type: str + env: + description: + - Set environment variables. + This option allows you to specify arbitrary environment variables that + are available for the process that will be launched inside of the + container. + type: dict + env_file: + description: + - Read in a line delimited file of environment variables. Doesn't support + idempotency. If users changes the file with environment variables it's + on them to recreate the container. + type: path + env_host: + description: + - Use all current host environment variables in container. + Defaults to false. + type: bool + etc_hosts: + description: + - Dict of host-to-IP mappings, where each host name is a key in the + dictionary. Each host name will be added to the container's + ``/etc/hosts`` file. + type: dict + aliases: + - add_hosts + expose: + description: + - Expose a port, or a range of ports (e.g. expose "3300-3310") to set up + port redirection on the host system. + type: list + elements: str + aliases: + - exposed + - exposed_ports + force_restart: + description: + - Force restart of container. + type: bool + default: False + aliases: + - restart + generate_systemd: + description: + - Generate systemd unit file for container. + type: dict + default: {} + suboptions: + path: + description: + - Specify a path to the directory where unit files will be generated. + Required for this option. If it doesn't exist, the directory will be created. + type: str + required: false + restart_policy: + description: + - Specify a restart policy for the service. The restart-policy must be one of + "no", "on-success", "on-failure", "on-abnormal", "on-watchdog", "on-abort", or "always". + The default policy is "on-failure". + type: str + required: false + choices: + - 'no' + - 'on-success' + - 'on-failure' + - 'on-abnormal' + - 'on-watchdog' + - 'on-abort' + - 'always' + time: + description: + - Override the default stop timeout for the container with the given value. + type: int + required: false + no_header: + description: + - Do not generate the header including meta data such as the Podman version and the timestamp. + From podman version 3.1.0. + type: bool + default: false + names: + description: + - Use names of the containers for the start, stop, and description in the unit file. + Default is true. + type: bool + default: true + container_prefix: + description: + - Set the systemd unit name prefix for containers. The default is "container". + type: str + required: false + pod_prefix: + description: + - Set the systemd unit name prefix for pods. The default is "pod". + type: str + required: false + separator: + description: + - Set the systemd unit name separator between the name/id of a + container/pod and the prefix. The default is "-" (dash). + type: str + required: false + new: + description: + - Create containers and pods when the unit is started instead of + expecting them to exist. The default is "false". + Refer to podman-generate-systemd(1) for more information. + type: bool + default: false + after: + type: list + elements: str + required: false + description: + - Add the systemd unit after (After=) option, that ordering dependencies between the list of dependencies and this service. + wants: + type: list + elements: str + required: false + description: + - Add the systemd unit wants (Wants=) option, that this service is (weak) dependent on. + requires: + type: list + elements: str + required: false + description: + - Set the systemd unit requires (Requires=) option. Similar to wants, but declares a stronger requirement dependency. + gidmap: + description: + - Run the container in a new user namespace using the supplied mapping. + type: list + elements: str + group_add: + description: + - Add additional groups to run as + type: list + elements: str + aliases: + - groups + healthcheck: + description: + - Set or alter a healthcheck command for a container. + type: str + healthcheck_interval: + description: + - Set an interval for the healthchecks + (a value of disable results in no automatic timer setup) + (default "30s") + type: str + healthcheck_retries: + description: + - The number of retries allowed before a healthcheck is considered to be + unhealthy. The default value is 3. + type: int + healthcheck_start_period: + description: + - The initialization time needed for a container to bootstrap. + The value can be expressed in time format like 2m3s. The default value + is 0s + type: str + healthcheck_timeout: + description: + - The maximum time allowed to complete the healthcheck before an interval + is considered failed. Like start-period, the value can be expressed in + a time format such as 1m22s. The default value is 30s + type: str + hooks_dir: + description: + - Each .json file in the path configures a hook for Podman containers. + For more details on the syntax of the JSON files and the semantics of + hook injection, see oci-hooks(5). Can be set multiple times. + type: list + elements: str + hostname: + description: + - Container host name. Sets the container host name that is available + inside the container. + type: str + http_proxy: + description: + - By default proxy environment variables are passed into the container if + set for the podman process. This can be disabled by setting the + http_proxy option to false. The environment variables passed in + include http_proxy, https_proxy, ftp_proxy, no_proxy, and also the + upper case versions of those. + Defaults to true + type: bool + image_volume: + description: + - Tells podman how to handle the builtin image volumes. + The options are bind, tmpfs, or ignore (default bind) + type: str + choices: + - 'bind' + - 'tmpfs' + - 'ignore' + image_strict: + description: + - Whether to compare images in idempotency by taking into account a full + name with registry and namespaces. + type: bool + default: False + init: + description: + - Run an init inside the container that forwards signals and reaps + processes. The default is false. + type: bool + init_path: + description: + - Path to the container-init binary. + type: str + interactive: + description: + - Keep STDIN open even if not attached. The default is false. + When set to true, keep stdin open even if not attached. + The default is false. + type: bool + ip: + description: + - Specify a static IP address for the container, for example + '10.88.64.128'. + Can only be used if no additional CNI networks to join were specified + via 'network:', and if the container is not joining another container's + network namespace via 'network container:'. + The address must be within the default CNI network's pool + (default 10.88.0.0/16). + type: str + ipc: + description: + - Default is to create a private IPC namespace (POSIX SysV IPC) for the + container + type: str + aliases: + - ipc_mode + kernel_memory: + description: + - Kernel memory limit + (format [], where unit = b, k, m or g) + Note - idempotency is supported for integers only. + type: str + label: + description: + - Add metadata to a container, pass dictionary of label names and values + aliases: + - labels + type: dict + label_file: + description: + - Read in a line delimited file of labels + type: str + log_driver: + description: + - Logging driver. Used to set the log driver for the container. + For example log_driver "k8s-file". + type: str + choices: + - k8s-file + - journald + - json-file + log_level: + description: + - Logging level for Podman. Log messages above specified level + ("debug"|"info"|"warn"|"error"|"fatal"|"panic") (default "error") + type: str + choices: + - debug + - info + - warn + - error + - fatal + - panic + log_opt: + description: + - Logging driver specific options. Used to set the path to the container + log file. + type: dict + aliases: + - log_options + suboptions: + path: + description: + - Specify a path to the log file (e.g. /var/log/container/mycontainer.json). + type: str + required: false + max_size: + description: + - Specify a max size of the log file (e.g 10mb). + type: str + required: false + tag: + description: + - Specify a custom log tag for the container. + type: str + required: false + + mac_address: + description: + - Specify a MAC address for the container, for example + '92:d0:c6:0a:29:33'. + Don't forget that it must be unique within one Ethernet network. + type: str + memory: + description: + - Memory limit (format 10k, where unit = b, k, m or g) + Note - idempotency is supported for integers only. + type: str + memory_reservation: + description: + - Memory soft limit (format 100m, where unit = b, k, m or g) + Note - idempotency is supported for integers only. + type: str + memory_swap: + description: + - A limit value equal to memory plus swap. Must be used with the -m + (--memory) flag. + The swap LIMIT should always be larger than -m (--memory) value. + By default, the swap LIMIT will be set to double the value of --memory + Note - idempotency is supported for integers only. + type: str + memory_swappiness: + description: + - Tune a container's memory swappiness behavior. Accepts an integer + between 0 and 100. + type: int + mount: + description: + - Attach a filesystem mount to the container. bind or tmpfs + For example mount + "type=bind,source=/path/on/host,destination=/path/in/container" + type: list + elements: str + aliases: + - mounts + network: + description: + - Set the Network mode for the container + * bridge create a network stack on the default bridge + * none no networking + * container: reuse another container's network stack + * host use the podman host network stack. + * | connect to a user-defined network + * ns: path to a network namespace to join + * slirp4netns use slirp4netns to create a user network stack. + This is the default for rootless containers + type: list + elements: str + aliases: + - net + - network_mode + network_aliases: + description: + - Add network-scoped alias for the container. + A container will only have access to aliases on the first network that it joins. + This is a limitation that will be removed in a later release. + type: list + elements: str + no_hosts: + description: + - Do not create /etc/hosts for the container + Default is false. + type: bool + oom_kill_disable: + description: + - Whether to disable OOM Killer for the container or not. + Default is false. + type: bool + oom_score_adj: + description: + - Tune the host's OOM preferences for containers (accepts -1000 to 1000) + type: int + pid: + description: + - Set the PID mode for the container + type: str + aliases: + - pid_mode + pids_limit: + description: + - Tune the container's PIDs limit. Set -1 to have unlimited PIDs for the + container. + type: str + pod: + description: + - Run container in an existing pod. + If you want podman to make the pod for you, prefix the pod name + with "new:" + type: str + privileged: + description: + - Give extended privileges to this container. The default is false. + type: bool + publish: + description: + - Publish a container's port, or range of ports, to the host. + Format - ip:hostPort:containerPort | ip::containerPort | + hostPort:containerPort | containerPort + In case of only containerPort is set, the hostPort will chosen + randomly by Podman. + type: list + elements: str + aliases: + - ports + - published + - published_ports + publish_all: + description: + - Publish all exposed ports to random ports on the host interfaces. The + default is false. + type: bool + read_only: + description: + - Mount the container's root filesystem as read only. Default is false + type: bool + read_only_tmpfs: + description: + - If container is running in --read-only mode, then mount a read-write + tmpfs on /run, /tmp, and /var/tmp. The default is true + type: bool + recreate: + description: + - Use with present and started states to force the re-creation of an + existing container. + type: bool + default: False + requires: + description: + - Specify one or more requirements. A requirement is a dependency + container that will be started before this container. + Containers can be specified by name or ID. + type: list + elements: str + restart_policy: + description: + - Restart policy to follow when containers exit. + Restart policy will not take effect if a container is stopped via the + podman kill or podman stop commands. Valid values are + * no - Do not restart containers on exit + * on-failure[:max_retries] - Restart containers when they exit with a + non-0 exit code, retrying indefinitely + or until the optional max_retries count is hit + * always - Restart containers when they exit, regardless of status, + retrying indefinitely + type: str + rm: + description: + - Automatically remove the container when it exits. The default is false. + type: bool + aliases: + - remove + - auto_remove + rootfs: + description: + - If true, the first argument refers to an exploded container on the file + system. The default is false. + type: bool + sdnotify: + description: + - Determines how to use the NOTIFY_SOCKET, as passed with systemd and Type=notify. + Can be container, conmon, ignore. + type: str + secrets: + description: + - Add the named secrets into the container. + The format is C(secret[,opt=opt...]), see + L(documentation,https://docs.podman.io/en/latest/markdown/podman-run.1.html#secret-secret-opt-opt) for more details. + type: list + elements: str + security_opt: + description: + - Security Options. For example security_opt "seccomp=unconfined" + type: list + elements: str + shm_size: + description: + - Size of /dev/shm. The format is . number must be greater + than 0. + Unit is optional and can be b (bytes), k (kilobytes), m(megabytes), or + g (gigabytes). + If you omit the unit, the system uses bytes. If you omit the size + entirely, the system uses 64m + type: str + sig_proxy: + description: + - Proxy signals sent to the podman run command to the container process. + SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is true. + type: bool + stop_signal: + description: + - Signal to stop a container. Default is SIGTERM. + type: int + stop_timeout: + description: + - Timeout (in seconds) to stop a container. Default is 10. + type: int + subgidname: + description: + - Run the container in a new user namespace using the map with 'name' in + the /etc/subgid file. + type: str + subuidname: + description: + - Run the container in a new user namespace using the map with 'name' in + the /etc/subuid file. + type: str + sysctl: + description: + - Configure namespaced kernel parameters at runtime + type: dict + systemd: + description: + - Run container in systemd mode. The default is true. + type: str + timezone: + description: + - Set timezone in container. This flag takes area-based timezones, + GMT time, as well as local, which sets the timezone in the container to + match the host machine. + See /usr/share/zoneinfo/ for valid timezones. + Remote connections use local containers.conf for defaults. + type: str + tmpfs: + description: + - Create a tmpfs mount. For example tmpfs + "/tmp" "rw,size=787448k,mode=1777" + type: dict + tty: + description: + - Allocate a pseudo-TTY. The default is false. + type: bool + uidmap: + description: + - Run the container in a new user namespace using the supplied mapping. + type: list + elements: str + ulimit: + description: + - Ulimit options + type: list + elements: str + aliases: + - ulimits + user: + description: + - Sets the username or UID used and optionally the groupname or GID for + the specified command. + type: str + userns: + description: + - Set the user namespace mode for the container. + It defaults to the PODMAN_USERNS environment variable. + An empty value means user namespaces are disabled. + type: str + aliases: + - userns_mode + uts: + description: + - Set the UTS mode for the container + type: str + volume: + description: + - Create a bind mount. If you specify, volume /HOST-DIR:/CONTAINER-DIR, + podman bind mounts /HOST-DIR in the host to /CONTAINER-DIR in the + podman container. + type: list + elements: str + aliases: + - volumes + volumes_from: + description: + - Mount volumes from the specified container(s). + type: list + elements: str + workdir: + description: + - Working directory inside the container. + The default working directory for running binaries within a container + is the root directory (/). + type: str + aliases: + - working_dir +""" + +EXAMPLES = r""" +- name: Run container + containers.podman.podman_container: + name: container + image: quay.io/bitnami/wildfly + state: started + +- name: Create a data container + containers.podman.podman_container: + name: mydata + image: busybox + volume: + - /tmp/data + +- name: Re-create a redis container with systemd service file generated in /tmp/ + containers.podman.podman_container: + name: myredis + image: redis + command: redis-server --appendonly yes + state: present + recreate: true + expose: + - 6379 + volumes_from: + - mydata + generate_systemd: + path: /tmp/ + restart_policy: always + time: 120 + names: true + container_prefix: ainer + +- name: Restart a container + containers.podman.podman_container: + name: myapplication + image: redis + state: started + restart: true + etc_hosts: + other: "127.0.0.1" + restart_policy: "no" + device: "/dev/sda:/dev/xvda:rwm" + ports: + - "8080:9000" + - "127.0.0.1:8081:9001/udp" + env: + SECRET_KEY: "ssssh" + BOOLEAN_KEY: "yes" + +- name: Container present + containers.podman.podman_container: + name: mycontainer + state: present + image: ubuntu:14.04 + command: "sleep 1d" + +- name: Stop a container + containers.podman.podman_container: + name: mycontainer + state: stopped + +- name: Start 4 load-balanced containers + containers.podman.podman_container: + name: "container{{ item }}" + recreate: true + image: someuser/anotherappimage + command: sleep 1d + with_sequence: count=4 + +- name: remove container + containers.podman.podman_container: + name: ohno + state: absent + +- name: Writing output + containers.podman.podman_container: + name: myservice + image: busybox + log_options: path=/var/log/container/mycontainer.json + log_driver: k8s-file +""" + +RETURN = r""" +container: + description: + - Facts representing the current state of the container. Matches the + podman inspection output. + - Note that facts are part of the registered vars since Ansible 2.8. For + compatibility reasons, the facts + are also accessible directly as C(podman_container). Note that the + returned fact will be removed in Ansible 2.12. + - Empty if C(state) is I(absent). + returned: always + type: dict + sample: '{ + "AppArmorProfile": "", + "Args": [ + "sh" + ], + "BoundingCaps": [ + "CAP_CHOWN", + ... + ], + "Config": { + "Annotations": { + "io.kubernetes.cri-o.ContainerType": "sandbox", + "io.kubernetes.cri-o.TTY": "false" + }, + "AttachStderr": false, + "AttachStdin": false, + "AttachStdout": false, + "Cmd": [ + "sh" + ], + "Domainname": "", + "Entrypoint": "", + "Env": [ + "PATH=/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm", + "HOSTNAME=", + "container=podman" + ], + "Hostname": "", + "Image": "docker.io/library/busybox:latest", + "Labels": null, + "OpenStdin": false, + "StdinOnce": false, + "StopSignal": 15, + "Tty": false, + "User": { + "gid": 0, + "uid": 0 + }, + "Volumes": null, + "WorkingDir": "/" + }, + "ConmonPidFile": "...", + "Created": "2019-06-17T19:13:09.873858307+03:00", + "Dependencies": [], + "Driver": "overlay", + "EffectiveCaps": [ + "CAP_CHOWN", + ... + ], + "ExecIDs": [], + "ExitCommand": [ + "/usr/bin/podman", + "--root", + ... + ], + "GraphDriver": { + ... + }, + "HostConfig": { + ... + }, + "HostnamePath": "...", + "HostsPath": "...", + "ID": "...", + "Image": "...", + "ImageName": "docker.io/library/busybox:latest", + "IsInfra": false, + "LogPath": "/tmp/container/mycontainer.json", + "MountLabel": "system_u:object_r:container_file_t:s0:c282,c782", + "Mounts": [ + ... + ], + "Name": "myservice", + "Namespace": "", + "NetworkSettings": { + "Bridge": "", + ... + }, + "Path": "sh", + "ProcessLabel": "system_u:system_r:container_t:s0:c282,c782", + "ResolvConfPath": "...", + "RestartCount": 0, + "Rootfs": "", + "State": { + "Dead": false, + "Error": "", + "ExitCode": 0, + "FinishedAt": "2019-06-17T19:13:10.157518963+03:00", + "Healthcheck": { + "FailingStreak": 0, + "Log": null, + "Status": "" + }, + "OOMKilled": false, + "OciVersion": "1.0.1-dev", + "Paused": false, + "Pid": 4083, + "Restarting": false, + "Running": false, + "StartedAt": "2019-06-17T19:13:10.152479729+03:00", + "Status": "exited" + }, + "StaticDir": "..." + ... + }' +""" + +from ansible.module_utils.basic import AnsibleModule # noqa: F402 +from ..module_utils.podman.podman_container_lib import PodmanManager # noqa: F402 +from ..module_utils.podman.podman_container_lib import ARGUMENTS_SPEC_CONTAINER # noqa: F402 + + +def main(): + module = AnsibleModule( + argument_spec=ARGUMENTS_SPEC_CONTAINER, + mutually_exclusive=( + ['no_hosts', 'etc_hosts'], + ), + supports_check_mode=True, + ) + + # work on input vars + if (module.params['state'] in ['present', 'created'] + and not module.params['force_restart'] + and not module.params['image']): + module.fail_json(msg="State '%s' required image to be configured!" % + module.params['state']) + + results = PodmanManager(module, module.params).execute() + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_container_info.py b/ansible_collections/containers/podman/plugins/modules/podman_container_info.py new file mode 100644 index 000000000..bbdd29fb9 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_container_info.py @@ -0,0 +1,416 @@ +#!/usr/bin/python +# Copyright (c) 2020 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +module: podman_container_info +author: + - Sagi Shnaidman (@sshnaidm) + - Emilien Macchi (@EmilienM) +short_description: Gather facts about containers using podman +notes: + - Podman may require elevated privileges in order to run properly. +description: + - Gather facts about containers using C(podman) +requirements: + - "Podman installed on host" +options: + name: + description: + - List of container names to gather facts about. If no name is given + return facts about all containers. + type: list + elements: str + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +''' + +EXAMPLES = r""" +- name: Gather facts for all containers + containers.podman.podman_container_info: + +- name: Gather facts on a specific container + containers.podman.podman_container_info: + name: web1 + +- name: Gather facts on several containers + containers.podman.podman_container_info: + name: + - redis + - web1 +""" + +RETURN = r""" +containers: + description: Facts from all or specificed containers + returned: always + type: list + elements: dict + sample: [ + { + "Id": "c5c39f9b80a6ea2ad665aa9946435934e478a0c5322da835f3883872f", + "Created": "2019-10-01T12:51:00.233106443Z", + "Path": "dumb-init", + "Args": [ + "--single-child", + "--", + "kolla_start" + ], + "State": { + "OciVersion": "1.0.1-dev", + "Status": "configured", + "Running": false, + "Paused": false, + "Restarting": false, + "OOMKilled": false, + "Dead": false, + "Pid": 0, + "ExitCode": 0, + "Error": "", + "StartedAt": "0001-01-01T00:00:00Z", + "FinishedAt": "0001-01-01T00:00:00Z", + "Healthcheck": { + "Status": "", + "FailingStreak": 0, + "Log": null + } + }, + "Image": "0e267acda67d0ebd643e900d820a91b961d859743039e620191ca1", + "ImageName": "docker.io/tripleomaster/centos-haproxy:latest", + "Rootfs": "", + "Pod": "", + "ResolvConfPath": "", + "HostnamePath": "", + "HostsPath": "", + "OCIRuntime": "runc", + "Name": "haproxy", + "RestartCount": 0, + "Driver": "overlay", + "MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c78,c866", + "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c785,c866", + "AppArmorProfile": "", + "EffectiveCaps": [ + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FSETID", + "CAP_FOWNER", + "CAP_MKNOD", + "CAP_NET_RAW", + "CAP_SETGID", + "CAP_SETUID", + "CAP_SETFCAP", + "CAP_SETPCAP", + "CAP_NET_BIND_SERVICE", + "CAP_SYS_CHROOT", + "CAP_KILL", + "CAP_AUDIT_WRITE" + ], + "BoundingCaps": [ + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FSETID", + "CAP_FOWNER", + "CAP_MKNOD", + "CAP_NET_RAW", + "CAP_SETGID", + "CAP_SETUID", + "CAP_SETFCAP", + "CAP_SETPCAP", + "CAP_NET_BIND_SERVICE", + "CAP_SYS_CHROOT", + "CAP_KILL", + "CAP_AUDIT_WRITE" + ], + "ExecIDs": [], + "GraphDriver": { + "Name": "overlay" + }, + "Mounts": [], + "Dependencies": [], + "NetworkSettings": { + "Bridge": "", + "SandboxID": "", + "HairpinMode": false, + "LinkLocalIPv6Address": "", + "LinkLocalIPv6PrefixLen": 0, + "Ports": [], + "SandboxKey": "", + "SecondaryIPAddresses": null, + "SecondaryIPv6Addresses": null, + "EndpointID": "", + "Gateway": "", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "IPAddress": "", + "IPPrefixLen": 0, + "IPv6Gateway": "", + "MacAddress": "" + }, + "ExitCommand": [ + "/usr/bin/podman", + "--root", + "/var/lib/containers/storage", + "--runroot", + "/var/run/containers/storage", + "--log-level", + "error", + "--cgroup-manager", + "systemd", + "--tmpdir", + "/var/run/libpod", + "--runtime", + "runc", + "--storage-driver", + "overlay", + "--events-backend", + "journald", + "container", + "cleanup", + "c9e813703f9b80a6ea2ad665aa9946435934e478a0c5322da835f3883872f" + ], + "Namespace": "", + "IsInfra": false, + "Config": { + "Hostname": "c5c39e813703", + "Domainname": "", + "User": "", + "AttachStdin": false, + "AttachStdout": false, + "AttachStderr": false, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": [ + "PATH=/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm", + "HOSTNAME=", + "container=oci", + "KOLLA_INSTALL_METATYPE=rdo", + "KOLLA_BASE_DISTRO=centos", + "KOLLA_INSTALL_TYPE=binary", + "KOLLA_DISTRO_PYTHON_VERSION=2.7", + "KOLLA_BASE_ARCH=x86_64" + ], + "Cmd": [ + "kolla_start" + ], + "Image": "docker.io/tripleomaster/centos-haproxy:latest", + "Volumes": null, + "WorkingDir": "/", + "Entrypoint": "dumb-init --single-child --", + "OnBuild": null, + "Labels": { + "build-date": "20190919", + "kolla_version": "8.1.0", + "name": "haproxy", + "org.label-schema.build-date": "20190801", + "org.label-schema.license": "GPLv2", + "org.label-schema.name": "CentOS Base Image", + "org.label-schema.schema-version": "1.0", + "org.label-schema.vendor": "CentOS" + }, + "Annotations": { + "io.kubernetes.cri-o.ContainerType": "sandbox", + "io.kubernetes.cri-o.TTY": "false", + "io.podman.annotations.autoremove": "FALSE", + "io.podman.annotations.init": "FALSE", + "io.podman.annotations.privileged": "FALSE", + "io.podman.annotations.publish-all": "FALSE" + }, + "StopSignal": 15 + }, + "HostConfig": { + "Binds": [], + "ContainerIDFile": "", + "LogConfig": { + "Type": "k8s-file", + "Config": null + }, + "NetworkMode": "default", + "PortBindings": {}, + "RestartPolicy": { + "Name": "", + "MaximumRetryCount": 0 + }, + "AutoRemove": false, + "VolumeDriver": "", + "VolumesFrom": null, + "CapAdd": [], + "CapDrop": [], + "Dns": [], + "DnsOptions": [], + "DnsSearch": [], + "ExtraHosts": [], + "GroupAdd": [], + "IpcMode": "", + "Cgroup": "", + "Links": null, + "OomScoreAdj": 0, + "PidMode": "", + "Privileged": false, + "PublishAllPorts": false, + "ReadonlyRootfs": false, + "SecurityOpt": [], + "Tmpfs": {}, + "UTSMode": "", + "UsernsMode": "", + "ShmSize": 65536000, + "Runtime": "oci", + "ConsoleSize": [ + 0, + 0 + ], + "Isolation": "", + "CpuShares": 0, + "Memory": 0, + "NanoCpus": 0, + "CgroupParent": "", + "BlkioWeight": 0, + "BlkioWeightDevice": null, + "BlkioDeviceReadBps": null, + "BlkioDeviceWriteBps": null, + "BlkioDeviceReadIOps": null, + "BlkioDeviceWriteIOps": null, + "CpuPeriod": 0, + "CpuQuota": 0, + "CpuRealtimePeriod": 0, + "CpuRealtimeRuntime": 0, + "CpusetCpus": "", + "CpusetMems": "", + "Devices": [], + "DiskQuota": 0, + "KernelMemory": 0, + "MemoryReservation": 0, + "MemorySwap": 0, + "MemorySwappiness": -1, + "OomKillDisable": false, + "PidsLimit": 0, + "Ulimits": [ + { + "Name": "RLIMIT_NOFILE", + "Soft": 1048576, + "Hard": 1048576 + }, + { + "Name": "RLIMIT_NPROC", + "Soft": 1048576, + "Hard": 1048576 + } + ], + "CpuCount": 0, + "CpuPercent": 0, + "IOMaximumIOps": 0, + "IOMaximumBandwidth": 0 + } + } + ] +""" + +import json +import time +from ansible.module_utils.basic import AnsibleModule + + +def get_containers_facts(module, executable, name): + """Collect containers facts for all containers or for specified in 'name'. + + Arguments: + module {AnsibleModule} -- instance of AnsibleModule + executable {string} -- binary to execute when inspecting containers + name {list} -- list of names or None in case of all containers + + Returns: + list of containers info, stdout, stderr + """ + retry = 0 + retry_limit = 4 + if not name: + all_names = [executable, 'container', 'ls', '-q', '-a'] + rc, out, err = module.run_command(all_names) + # This should not fail in regular circumstances, so retry again + # https://github.com/containers/podman/issues/10225 + while rc != 0 and retry <= retry_limit: + module.log(msg="Unable to get list of containers: %s" % err) + time.sleep(1) + retry += 1 + rc, out, err = module.run_command(all_names) + if rc != 0: + module.fail_json(msg="Unable to get list of containers during" + " %s retries" % retry_limit) + name = out.split() + if not name: + return [], out, err + command = [executable, 'container', 'inspect'] + command.extend(name) + rc, out, err = module.run_command(command) + if rc == 0: + json_out = json.loads(out) if out else None + if json_out is None: + return [], out, err + return json_out, out, err + if rc != 0 and 'no such ' in err: + if len(name) < 2: + return [], out, err + return cycle_over(module, executable, name) + module.fail_json(msg="Unable to gather info for %s: %s" % (",".join(name), err)) + + +def cycle_over(module, executable, name): + """Inspect each container in a cycle in case some of them don't exist. + + Arguments: + module {AnsibleModule} -- instance of AnsibleModule + executable {string} -- binary to execute when inspecting containers + name {list} -- list of containers names to inspect + + Returns: + list of containers info, stdout as empty, stderr + """ + inspection = [] + stderrs = [] + for container in name: + command = [executable, 'container', 'inspect', container] + rc, out, err = module.run_command(command) + if rc != 0 and 'no such ' not in err: + module.fail_json(msg="Unable to gather info for %s: %s" % (container, err)) + if rc == 0 and out: + json_out = json.loads(out) + if json_out: + inspection += json_out + stderrs.append(err) + return inspection, "", "\n".join(stderrs) + + +def main(): + module = AnsibleModule( + argument_spec={ + 'executable': {'type': 'str', 'default': 'podman'}, + 'name': {'type': 'list', 'elements': 'str'}, + }, + supports_check_mode=True, + ) + + name = module.params['name'] + executable = module.get_bin_path(module.params['executable'], required=True) + # pylint: disable=unused-variable + inspect_results, out, err = get_containers_facts(module, executable, name) + + results = { + "changed": False, + "containers": inspect_results, + "stderr": err + } + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_containers.py b/ansible_collections/containers/podman/plugins/modules/podman_containers.py new file mode 100644 index 000000000..c67aee344 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_containers.py @@ -0,0 +1,132 @@ +#!/usr/bin/python +# Copyright (c) 2020 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: podman_containers +author: + - "Sagi Shnaidman (@sshnaidm)" +version_added: '1.4.0' +short_description: Manage podman containers in a batch +description: + - Manage groups of podman containers +requirements: + - "podman" +options: + containers: + description: + - List of dictionaries with data for running containers for podman_container module. + required: True + type: list + elements: dict + debug: + description: + - Return additional information which can be helpful for investigations. + type: bool + default: False +''' + +EXAMPLES = ''' +- name: Run three containers at once + podman_containers: + containers: + - name: alpine + image: alpine + command: sleep 1d + - name: web + image: nginx + - name: test + image: python:3-alpine + command: python -V +''' + +from ansible.module_utils.basic import AnsibleModule # noqa: F402 +from ..module_utils.podman.podman_container_lib import PodmanManager # noqa: F402 +from ..module_utils.podman.podman_container_lib import set_container_opts # noqa: F402 + + +def combine(results): + changed = any(i.get('changed', False) for i in results) + failed = any(i.get('failed', False) for i in results) + actions = [] + podman_actions = [] + containers = [] + podman_version = '' + diffs = {} + stderr = '' + stdout = '' + for i in results: + if 'actions' in i and i['actions']: + actions += i['actions'] + if 'podman_actions' in i and i['podman_actions']: + podman_actions += i['podman_actions'] + if 'container' in i and i['container']: + containers.append(i['container']) + if 'podman_version' in i: + podman_version = i['podman_version'] + if 'diff' in i: + diffs[i['container']['Name']] = i['diff'] + if 'stderr' in i: + stderr += i['stderr'] + if 'stdout' in i: + stdout += i['stdout'] + + total = { + 'changed': changed, + 'failed': failed, + 'actions': actions, + 'podman_actions': podman_actions, + 'containers': containers, + 'stdout': stdout, + 'stderr': stderr, + } + if podman_version: + total['podman_version'] = podman_version + if diffs: + before = after = '' + for k, v in diffs.items(): + before += "".join([str(k), ": ", str(v['before']), "\n"]) + after += "".join([str(k), ": ", str(v['after']), "\n"]) + total['diff'] = { + 'before': before, + 'after': after + } + return total + + +def check_input_strict(container): + if container['state'] in ['started', 'present'] and not container['image']: + return "State '%s' required image to be configured!" % container['state'] + + +def main(): + module = AnsibleModule( + argument_spec=dict( + containers=dict(type='list', elements='dict', required=True), + debug=dict(type='bool', default=False), + ), + supports_check_mode=True, + ) + # work on input vars + + results = [] + for container in module.params['containers']: + options_dict = set_container_opts(container) + options_dict['debug'] = module.params['debug'] or options_dict['debug'] + test_input = check_input_strict(options_dict) + if test_input: + module.fail_json( + msg="Failed to run container %s because: %s" % (options_dict['name'], test_input)) + res = PodmanManager(module, options_dict).execute() + results.append(res) + total_results = combine(results) + module.exit_json(**total_results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_export.py b/ansible_collections/containers/podman/plugins/modules/podman_export.py new file mode 100644 index 000000000..e2bb19614 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_export.py @@ -0,0 +1,106 @@ +#!/usr/bin/python +# coding: utf-8 -*- + +# Copyright (c) 2021, Sagi Shnaidman +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r''' +module: podman_export +short_description: Export a podman container +author: Sagi Shnaidman (@sshnaidm) +description: + - podman export exports the filesystem of a container and saves it as a + tarball on the local machine +options: + dest: + description: + - Path to export container to. + type: str + required: true + container: + description: + - Container to export. + type: str + required: true + force: + description: + - Force saving to file even if it exists. + type: bool + default: True + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +requirements: + - "Podman installed on host" +''' + +RETURN = ''' +''' + +EXAMPLES = ''' +# What modules does for example +- containers.podman.podman_export: + dest: /path/to/tar/file + container: container-name +''' + +import os # noqa: E402 +from ansible.module_utils.basic import AnsibleModule # noqa: E402 +from ..module_utils.podman.common import remove_file_or_dir # noqa: E402 + + +def export(module, executable): + changed = False + command = [executable, 'export'] + command += ['-o=%s' % module.params['dest'], module.params['container']] + if module.params['force']: + dest = module.params['dest'] + if os.path.exists(dest): + changed = True + if module.check_mode: + return changed, '', '' + try: + remove_file_or_dir(dest) + except Exception as e: + module.fail_json(msg="Error deleting %s path: %s" % (dest, e)) + else: + changed = not os.path.exists(module.params['dest']) + if module.check_mode: + return changed, '', '' + rc, out, err = module.run_command(command) + if rc != 0: + module.fail_json(msg="Error exporting container %s: %s" % ( + module.params['container'], err)) + return changed, out, err + + +def main(): + module = AnsibleModule( + argument_spec=dict( + dest=dict(type='str', required=True), + container=dict(type='str', required=True), + force=dict(type='bool', default=True), + executable=dict(type='str', default='podman') + ), + supports_check_mode=True, + ) + + executable = module.get_bin_path(module.params['executable'], required=True) + changed, out, err = export(module, executable) + + results = { + "changed": changed, + "stdout": out, + "stderr": err, + } + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_generate_systemd.py b/ansible_collections/containers/podman/plugins/modules/podman_generate_systemd.py new file mode 100644 index 000000000..9c9bc7b27 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_generate_systemd.py @@ -0,0 +1,604 @@ +#!/usr/bin/python +# coding: utf-8 -*- + +# 2022, Sébastien Gendre +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +DOCUMENTATION = ''' +module: podman_generate_systemd +author: + - Sébastien Gendre (@CyberFox001) +short_description: Generate systemd unit from a pod or a container +description: + - Generate systemd .service unit file(s) from a pod or a container + - Support Ansible check mode +options: + name: + description: + - Name of the pod or container to export + type: str + required: true + dest: + description: + - Destination of the generated systemd unit file(s). + - Use C(/etc/systemd/system) for the system-wide systemd instance. + - Use C(/etc/systemd/user) or C(~/.config/systemd/user) for use with per-user instances of systemd. + type: path + new: + description: + - Generate unit files that create containers and pods, not only start them. + - Refer to podman-generate-systemd(1) man page for more information. + type: bool + default: false + restart_policy: + description: + - Restart policy of the service + type: str + choices: + - no-restart + - on-success + - on-failure + - on-abnormal + - on-watchdog + - on-abort + - always + restart_sec: + description: + - Configures the time to sleep before restarting a service (as configured with restart-policy). + - Takes a value in seconds. + - Only with Podman 4.0.0 and above + type: int + start_timeout: + description: + - Override the default start timeout for the container with the given value in seconds. + - Only with Podman 4.0.0 and above + type: int + stop_timeout: + description: + - Override the default stop timeout for the container with the given value in seconds. + type: int + env: + description: + - Set environment variables to the systemd unit files. + - Keys are the environment variable names, and values are the environment variable values + - Only with Podman 4.3.0 and above + type: dict + use_names: + description: + - Use name of the containers for the start, stop, and description in the unit file. + type: bool + default: true + container_prefix: + description: + - Set the systemd unit name prefix for containers. + - If not set, use the default defined by podman, C(container). + - Refer to podman-generate-systemd(1) man page for more information. + type: str + pod_prefix: + description: + - Set the systemd unit name prefix for pods. + - If not set, use the default defined by podman, C(pod). + - Refer to podman-generate-systemd(1) man page for more information. + type: str + separator: + description: + - Systemd unit name separator between the name/id of a container/pod and the prefix. + - If not set, use the default defined by podman, C(-). + - Refer to podman-generate-systemd(1) man page for more information. + type: str + no_header: + description: + - Do not generate the header including meta data such as the Podman version and the timestamp. + type: bool + default: false + after: + description: + - Add the systemd unit after (C(After=)) option, that ordering dependencies between the list of dependencies and this service. + - This option may be specified more than once. + - User-defined dependencies will be appended to the generated unit file + - But any existing options such as needed or defined by default (e.g. C(online.target)) will not be removed or overridden. + - Only with Podman 4.0.0 and above + type: list + elements: str + wants: + description: + - Add the systemd unit wants (C(Wants=)) option, that this service is (weak) dependent on. + - This option may be specified more than once. + - This option does not influence the order in which services are started or stopped. + - User-defined dependencies will be appended to the generated unit file + - But any existing options such as needed or defined by default (e.g. C(online.target)) will not be removed or overridden. + - Only with Podman 4.0.0 and above + type: list + elements: str + requires: + description: + - Set the systemd unit requires (Requires=) option. + - Similar to wants, but declares a stronger requirement dependency. + - Only with Podman 4.0.0 and above + type: list + elements: str + executable: + description: + - C(Podman) executable name or full path + type: str + default: podman +requirements: + - Podman installed on target host +notes: + - If you indicate a pod, the systemd units for it and all its containers will be generated + - Create all your pods, containers and their dependencies before generating the systemd files + - If a container or pod is already started before you do a C(systemctl daemon-reload), + systemd will not see the container or pod as started + - Stop your container or pod before you do a C(systemctl daemon-reload), + then you can start them with C(systemctl start my_container.service) +''' + +EXAMPLES = ''' +# Example of creating a container and systemd unit file. +# When using podman_generate_systemd with new:true then +# the container needs rm:true for idempotence. +- name: Create postgres container + containers.podman.podman_container: + name: postgres + image: docker.io/library/postgres:latest + rm: true + state: created + +- name: Generate systemd unit file for postgres container + containers.podman.podman_generate_systemd: + name: postgres + new: true + no_header: true + dest: /etc/systemd/system + +- name: Ensure postgres container is started and enabled + ansible.builtin.systemd: + name: container-postgres + daemon_reload: true + state: started + enabled: true + + +# Example of creating a container and integrate it into systemd +- name: A postgres container must exist, stopped + containers.podman.podman_container: + name: postgres_local + image: docker.io/library/postgres:latest + state: stopped + +- name: Systemd unit files for postgres container must exist + containers.podman.podman_generate_systemd: + name: postgres_local + dest: ~/.config/systemd/user/ + +- name: Postgres container must be started and enabled on systemd + ansible.builtin.systemd: + name: container-postgres_local + daemon_reload: true + state: started + enabled: true + + +# Generate the unit files, but store them on an Ansible variable +# instead of writing them on target host +- name: Systemd unit files for postgres container must be generated + containers.podman.podman_generate_systemd: + name: postgres_local + register: postgres_local_systemd_unit + +# Generate the unit files with environment variables sets +- name: Systemd unit files for postgres container must be generated + containers.podman.podman_generate_systemd: + name: postgres_local + env: + POSTGRES_USER: my_app + POSTGRES_PASSWORD: example + register: postgres_local_systemd_unit +''' + +RETURN = ''' +systemd_units: + description: A copy of the generated systemd .service unit(s) + returned: always + type: dict + sample: { + "container-postgres_local": " #Content of the systemd .servec unit for postgres_local container", + "pod-my_webapp": " #Content of the systemd .servec unit for my_webapp pod", + } +podman_command: + description: A copy of the podman command used to generate the systemd unit(s) + returned: always + type: str + sample: "podman generate systemd my_webapp" +''' + + +import os +from ansible.module_utils.basic import AnsibleModule +import json + + +RESTART_POLICY_CHOICES = [ + 'no-restart', + 'on-success', + 'on-failure', + 'on-abnormal', + 'on-watchdog', + 'on-abort', + 'always', +] + + +def generate_systemd(module): + '''Generate systemd .service unit file from a pod or container. + + Parameter: + - module (AnsibleModule): An AnsibleModule object + + Returns (tuple[bool, list[str], str]): + - A boolean which indicate whether the targeted systemd state is modified + - A copy of the generated systemd .service units content + - A copy of the command, as a string + ''' + # Flag which indicate whether the targeted system state is modified + changed = False + + # Build the podman command, based on the module parameters + command_options = [] + + # New option + if module.params['new']: + command_options.append('--new') + + # Restart policy option + restart_policy = module.params['restart_policy'] + if restart_policy: + # add the restart policy to options + if restart_policy == 'no-restart': + restart_policy = 'no' + command_options.append( + '--restart-policy={restart_policy}'.format( + restart_policy=restart_policy, + ), + ) + + # Restart-sec option (only for Podman 4.0.0 and above) + restart_sec = module.params['restart_sec'] + if restart_sec: + command_options.append( + '--restart-sec={restart_sec}'.format( + restart_sec=restart_sec, + ), + ) + + # Start-timeout option (only for Podman 4.0.0 and above) + start_timeout = module.params['start_timeout'] + if start_timeout: + command_options.append( + '--start-timeout={start_timeout}'.format( + start_timeout=start_timeout, + ), + ) + + # Stop-timeout option + stop_timeout = module.params['stop_timeout'] + if stop_timeout: + command_options.append( + '--stop-timeout={stop_timeout}'.format( + stop_timeout=stop_timeout, + ), + ) + + # Use container name(s) option + if module.params['use_names']: + command_options.append('--name') + + # Container-prefix option + container_prefix = module.params['container_prefix'] + if container_prefix is not None: + command_options.append( + '--container-prefix={container_prefix}'.format( + container_prefix=container_prefix, + ), + ) + + # Pod-prefix option + pod_prefix = module.params['pod_prefix'] + if pod_prefix is not None: + command_options.append( + '--pod-prefix={pod_prefix}'.format( + pod_prefix=pod_prefix, + ), + ) + + # Separator option + separator = module.params['separator'] + if separator is not None: + command_options.append( + '--separator={separator}'.format( + separator=separator, + ), + ) + + # No-header option + if module.params['no_header']: + command_options.append('--no-header') + + # After option (only for Podman 4.0.0 and above) + after = module.params['after'] + if after: + for item in after: + command_options.append( + '--after={item}'.format( + item=item, + ), + ) + + # Wants option (only for Podman 4.0.0 and above) + wants = module.params['wants'] + if wants: + for item in wants: + command_options.append( + '--wants={item}'.format( + item=item, + ) + ) + + # Requires option (only for Podman 4.0.0 and above) + requires = module.params['requires'] + if requires: + for item in requires: + command_options.append( + '--requires={item}'.format( + item=item, + ), + ) + + # Environment variables (only for Podman 4.3.0 and above) + environment_variables = module.params['env'] + if environment_variables: + for env_var_name, env_var_value in environment_variables.items(): + command_options.append( + "-e='{env_var_name}={env_var_value}'".format( + env_var_name=env_var_name, + env_var_value=env_var_value, + ), + ) + + # Set output format, of podman command, to json + command_options.extend(['--format', 'json']) + + # Full command build, with option included + # Base of the command + command = [ + module.params['executable'], 'generate', 'systemd', + ] + # Add the options to the commande + command.extend(command_options) + # Add pod or container name to the command + command.append(module.params['name']) + # Build the string version of the command, only for module return + command_str = ' '.join(command) + + # Run the podman command to generated systemd .service unit(s) content + return_code, stdout, stderr = module.run_command(command) + + # In case of error in running the command + if return_code != 0: + # Print informations about the error and return and empty dictionary + message = 'Error generating systemd .service unit(s).' + message += ' Command executed: {command_str}' + message += ' Command returned with code: {return_code}.' + message += ' Error message: {stderr}.' + module.fail_json( + msg=message.format( + command_str=command_str, + return_code=return_code, + stderr=stderr, + ), + changed=changed, + systemd_units={}, + podman_command=command_str, + ) + + # In case of command execution success, its stdout is a json + # dictionary. This dictionary is all the generated systemd units. + # Each key value pair is one systemd unit. The key is the unit name + # and the value is the unit content. + + # Load the returned json dictionary as a python dictionary + systemd_units = json.loads(stdout) + + # Write the systemd .service unit(s) content to file(s), if + # requested + if module.params['dest']: + try: + systemd_units_dest = module.params['dest'] + # If destination don't exist + if not os.path.exists(systemd_units_dest): + # If not in check mode, make it + if not module.check_mode: + os.makedirs(systemd_units_dest) + changed = True + # If destination exist but not a directory + if not os.path.isdir(systemd_units_dest): + # Stop and tell user that the destination is not a directry + message = "Destination {systemd_units_dest} is not a directory." + message += " Can't save systemd unit files in." + module.fail_json( + msg=message.format( + systemd_units_dest=systemd_units_dest, + ), + changed=changed, + systemd_units=systemd_units, + podman_command=command_str, + ) + + # Write each systemd unit, if needed + for unit_name, unit_content in systemd_units.items(): + # Build full path to unit file + unit_file_name = unit_name + '.service' + unit_file_full_path = os.path.join( + systemd_units_dest, + unit_file_name, + ) + + # See if we need to write the unit file, default yes + need_to_write_file = True + # If the unit file already exist, compare it with the + # generated content + if os.path.exists(unit_file_full_path): + # Read the file + with open(unit_file_full_path, 'r') as unit_file: + current_unit_file_content = unit_file.read() + # If current unit file content is the same as the + # generated content + # Remove comments from files, before comparing + current_unit_file_content_nocmnt = "\n".join([ + line for line in current_unit_file_content.splitlines() + if not line.startswith('#')]) + unit_content_nocmnt = "\n".join([ + line for line in unit_content.splitlines() + if not line.startswith('#')]) + if current_unit_file_content_nocmnt == unit_content_nocmnt: + # We don't need to write it + need_to_write_file = False + + # Write the file, if needed + if need_to_write_file: + with open(unit_file_full_path, 'w') as unit_file: + # If not in check mode, write the file + if not module.check_mode: + unit_file.write(unit_content) + changed = True + + except Exception as exception: + # When exception occurs while trying to write units file + message = 'PODMAN-GENERATE-SYSTEMD-DEBUG: ' + message += 'Error writing systemd units files: ' + message += '{exception}' + module.log( + message.format( + exception=exception + ), + ) + # Return the systemd .service unit(s) content + return changed, systemd_units, command_str + + +def run_module(): + '''Run the module on the target''' + # Build the list of parameters user can use + module_parameters = { + 'name': { + 'type': 'str', + 'required': True, + }, + 'dest': { + 'type': 'path', + 'required': False, + }, + 'new': { + 'type': 'bool', + 'required': False, + 'default': False, + }, + 'restart_policy': { + 'type': 'str', + 'required': False, + 'choices': RESTART_POLICY_CHOICES, + }, + 'restart_sec': { + 'type': 'int', + 'required': False, + }, + 'start_timeout': { + 'type': 'int', + 'required': False, + }, + 'stop_timeout': { + 'type': 'int', + 'required': False, + }, + 'env': { + 'type': 'dict', + 'required': False, + }, + 'use_names': { + 'type': 'bool', + 'required': False, + 'default': True, + }, + 'container_prefix': { + 'type': 'str', + 'required': False, + }, + 'pod_prefix': { + 'type': 'str', + 'required': False, + }, + 'separator': { + 'type': 'str', + 'required': False, + }, + 'no_header': { + 'type': 'bool', + 'required': False, + 'default': False, + }, + 'after': { + 'type': 'list', + 'elements': 'str', + 'required': False, + }, + 'wants': { + 'type': 'list', + 'elements': 'str', + 'required': False, + }, + 'requires': { + 'type': 'list', + 'elements': 'str', + 'required': False, + }, + 'executable': { + 'type': 'str', + 'required': False, + 'default': 'podman', + }, + } + + # Build result dictionary + result = { + 'changed': False, + 'systemd_units': {}, + 'podman_command': '', + } + + # Build the Ansible Module + module = AnsibleModule( + argument_spec=module_parameters, + supports_check_mode=True + ) + + # Generate the systemd units + state_changed, systemd_units, podman_command = generate_systemd(module) + + result['changed'] = state_changed + result['systemd_units'] = systemd_units + result['podman_command'] = podman_command + + # Return the result + module.exit_json(**result) + + +def main(): + '''Main function of this script.''' + run_module() + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_image.py b/ansible_collections/containers/podman/plugins/modules/podman_image.py new file mode 100644 index 000000000..d66ff5d49 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_image.py @@ -0,0 +1,862 @@ +#!/usr/bin/python +# Copyright (c) 2018 Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' + module: podman_image + author: + - Sam Doran (@samdoran) + short_description: Pull images for use by podman + notes: [] + description: + - Build, pull, or push images using Podman. + options: + arch: + description: + - CPU architecutre for the container image + type: str + name: + description: + - Name of the image to pull, push, or delete. It may contain a tag using the format C(image:tag). + required: True + type: str + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the machine running C(podman). + default: 'podman' + type: str + ca_cert_dir: + description: + - Path to directory containing TLS certificates and keys to use. + type: 'path' + tag: + description: + - Tag of the image to pull, push, or delete. + default: "latest" + type: str + pull: + description: Whether or not to pull the image. + default: True + type: bool + push: + description: Whether or not to push an image. + default: False + type: bool + path: + description: Path to the build context directory. + type: str + force: + description: + - Whether or not to force push or pull an image. + - When building, force the build even if the image already exists. + type: bool + default: False + state: + description: + - Whether an image should be present, absent, or built. + default: "present" + type: str + choices: + - present + - absent + - build + validate_certs: + description: + - Require HTTPS and validate certificates when pulling or pushing. Also used during build if a pull or push is necessary. + type: bool + aliases: + - tlsverify + - tls_verify + password: + description: + - Password to use when authenticating to remote registries. + type: str + username: + description: + - username to use when authenticating to remote registries. + type: str + auth_file: + description: + - Path to file containing authorization credentials to the remote registry. + aliases: + - authfile + type: path + build: + description: Arguments that control image build. + type: dict + default: {} + aliases: + - build_args + - buildargs + suboptions: + file: + description: + - Path to the Containerfile if it is not in the build context directory. + type: path + volume: + description: + - Specify multiple volume / mount options to mount one or more mounts to a container. + type: list + elements: str + annotation: + description: + - Dictionary of key=value pairs to add to the image. Only works with OCI images. Ignored for Docker containers. + type: dict + force_rm: + description: + - Always remove intermediate containers after a build, even if the build is unsuccessful. + type: bool + default: False + format: + description: + - Format of the built image. + type: str + choices: + - docker + - oci + default: "oci" + cache: + description: + - Whether or not to use cached layers when building an image + type: bool + default: True + rm: + description: Remove intermediate containers after a successful build + type: bool + default: True + extra_args: + description: + - Extra args to pass to build, if executed. Does not idempotently check for new build args. + type: str + push_args: + description: Arguments that control pushing images. + type: dict + default: {} + suboptions: + compress: + description: + - Compress tarball image layers when pushing to a directory using the 'dir' transport. + type: bool + format: + description: + - Manifest type to use when pushing an image using the 'dir' transport (default is manifest type of source). + type: str + choices: + - oci + - v2s1 + - v2s2 + remove_signatures: + description: Discard any pre-existing signatures in the image + type: bool + sign_by: + description: + - Path to a key file to use to sign the image. + type: str + dest: + description: Path or URL where image will be pushed. + type: str + aliases: + - destination + transport: + description: + - Transport to use when pushing in image. If no transport is set, will attempt to push to a remote registry. + type: str + choices: + - dir + - docker-archive + - docker-daemon + - oci-archive + - ostree +''' + +EXAMPLES = r""" +- name: Pull an image + containers.podman.podman_image: + name: quay.io/bitnami/wildfly + +- name: Remove an image + containers.podman.podman_image: + name: quay.io/bitnami/wildfly + state: absent + +- name: Remove an image with image id + containers.podman.podman_image: + name: 0e901e68141f + state: absent + +- name: Pull a specific version of an image + containers.podman.podman_image: + name: redis + tag: 4 + +- name: Build a basic OCI image + containers.podman.podman_image: + name: nginx + path: /path/to/build/dir + +- name: Build a basic OCI image with advanced parameters + containers.podman.podman_image: + name: nginx + path: /path/to/build/dir + build: + cache: no + force_rm: true + format: oci + annotation: + app: nginx + function: proxy + info: Load balancer for my cool app + extra_args: "--build-arg KEY=value" + +- name: Build a Docker formatted image + containers.podman.podman_image: + name: nginx + path: /path/to/build/dir + build: + format: docker + +- name: Build and push an image using existing credentials + containers.podman.podman_image: + name: nginx + path: /path/to/build/dir + push: true + push_args: + dest: quay.io/acme + +- name: Build and push an image using an auth file + containers.podman.podman_image: + name: nginx + push: true + auth_file: /etc/containers/auth.json + push_args: + dest: quay.io/acme + +- name: Build and push an image using username and password + containers.podman.podman_image: + name: nginx + push: true + username: bugs + password: "{{ vault_registry_password }}" + push_args: + dest: quay.io/acme + +- name: Build and push an image to multiple registries + containers.podman.podman_image: + name: "{{ item }}" + path: /path/to/build/dir + push: true + auth_file: /etc/containers/auth.json + loop: + - quay.io/acme/nginx + - docker.io/acme/nginx + +- name: Build and push an image to multiple registries with separate parameters + containers.podman.podman_image: + name: "{{ item.name }}" + tag: "{{ item.tag }}" + path: /path/to/build/dir + push: true + auth_file: /etc/containers/auth.json + push_args: + dest: "{{ item.dest }}" + loop: + - name: nginx + tag: 4 + dest: docker.io/acme + + - name: nginx + tag: 3 + dest: docker.io/acme + +- name: Pull an image for a specific CPU architecture + containers.podman.podman_image: + name: nginx + arch: amd64 +""" + +RETURN = r""" + image: + description: + - Image inspection results for the image that was pulled, pushed, or built. + returned: success + type: dict + sample: [ + { + "Annotations": {}, + "Architecture": "amd64", + "Author": "", + "Comment": "from Bitnami with love", + "ContainerConfig": { + "Cmd": [ + "/run.sh" + ], + "Entrypoint": [ + "/app-entrypoint.sh" + ], + "Env": [ + "PATH=/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/nami/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "IMAGE_OS=debian-9", + "NAMI_VERSION=1.0.0-1", + "GPG_KEY_SERVERS_LIST=ha.pool.sks-keyservers.net", + "TINI_VERSION=v0.13.2", + "TINI_GPG_KEY=595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7", + "GOSU_VERSION=1.10", + "GOSU_GPG_KEY=B42F6819007F00F88E364FD4036A9C25BF357DD4", + "BITNAMI_IMAGE_VERSION=16.0.0-debian-9-r27", + "BITNAMI_PKG_CHMOD=-R g+rwX", + "BITNAMI_PKG_EXTRA_DIRS=/home/wildfly", + "HOME=/", + "BITNAMI_APP_NAME=wildfly", + "NAMI_PREFIX=/.nami", + "WILDFLY_HOME=/home/wildfly", + "WILDFLY_JAVA_HOME=", + "WILDFLY_JAVA_OPTS=", + "WILDFLY_MANAGEMENT_HTTP_PORT_NUMBER=9990", + "WILDFLY_PASSWORD=bitnami", + "WILDFLY_PUBLIC_CONSOLE=true", + "WILDFLY_SERVER_AJP_PORT_NUMBER=8009", + "WILDFLY_SERVER_HTTP_PORT_NUMBER=8080", + "WILDFLY_SERVER_INTERFACE=0.0.0.0", + "WILDFLY_USERNAME=user", + "WILDFLY_WILDFLY_HOME=/home/wildfly", + "WILDFLY_WILDFLY_OPTS=-Dwildfly.as.deployment.ondemand=false" + ], + "ExposedPorts": { + "8080/tcp": {}, + "9990/tcp": {} + }, + "Labels": { + "maintainer": "Bitnami " + }, + "User": "1001" + }, + "Created": "2019-04-10T05:48:03.553887623Z", + "Digest": "sha256:5a8ab28e314c2222de3feaf6dac94a0436a37fc08979d2722c99d2bef2619a9b", + "GraphDriver": { + "Data": { + "LowerDir": "/var/lib/containers/storage/overlay/142c1beadf1bb09fbd929465ec98c9dca3256638220450efb4214727d0d0680e/diff:/var/lib/containers/s", + "MergedDir": "/var/lib/containers/storage/overlay/9aa10191f5bddb59e28508e721fdeb43505e5b395845fa99723ed787878dbfea/merged", + "UpperDir": "/var/lib/containers/storage/overlay/9aa10191f5bddb59e28508e721fdeb43505e5b395845fa99723ed787878dbfea/diff", + "WorkDir": "/var/lib/containers/storage/overlay/9aa10191f5bddb59e28508e721fdeb43505e5b395845fa99723ed787878dbfea/work" + }, + "Name": "overlay" + }, + "History": [ + { + "comment": "from Bitnami with love", + "created": "2019-04-09T22:27:40.659377677Z" + }, + { + "created": "2019-04-09T22:38:53.86336555Z", + "created_by": "/bin/sh -c #(nop) LABEL maintainer=Bitnami ", + "empty_layer": true + }, + { + "created": "2019-04-09T22:38:54.022778765Z", + "created_by": "/bin/sh -c #(nop) ENV IMAGE_OS=debian-9", + "empty_layer": true + }, + ], + "Id": "ace34da54e4af2145e1ad277005adb235a214e4dfe1114c2db9ab460b840f785", + "Labels": { + "maintainer": "Bitnami " + }, + "ManifestType": "application/vnd.docker.distribution.manifest.v1+prettyjws", + "Os": "linux", + "Parent": "", + "RepoDigests": [ + "quay.io/bitnami/wildfly@sha256:5a8ab28e314c2222de3feaf6dac94a0436a37fc08979d2722c99d2bef2619a9b" + ], + "RepoTags": [ + "quay.io/bitnami/wildfly:latest" + ], + "RootFS": { + "Layers": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "Type": "layers" + }, + "Size": 466180019, + "User": "1001", + "Version": "18.09.3", + "VirtualSize": 466180019 + } + ] +""" + +import json +import re +import shlex + +from ansible.module_utils._text import to_native +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.containers.podman.plugins.module_utils.podman.common import run_podman_command + + +class PodmanImageManager(object): + + def __init__(self, module, results): + + super(PodmanImageManager, self).__init__() + + self.module = module + self.results = results + self.name = self.module.params.get('name') + self.executable = self.module.get_bin_path(module.params.get('executable'), required=True) + self.tag = self.module.params.get('tag') + self.pull = self.module.params.get('pull') + self.push = self.module.params.get('push') + self.path = self.module.params.get('path') + self.force = self.module.params.get('force') + self.state = self.module.params.get('state') + self.validate_certs = self.module.params.get('validate_certs') + self.auth_file = self.module.params.get('auth_file') + self.username = self.module.params.get('username') + self.password = self.module.params.get('password') + self.ca_cert_dir = self.module.params.get('ca_cert_dir') + self.build = self.module.params.get('build') + self.push_args = self.module.params.get('push_args') + self.arch = self.module.params.get('arch') + + repo, repo_tag = parse_repository_tag(self.name) + if repo_tag: + self.name = repo + self.tag = repo_tag + + delimiter = ':' if "sha256" not in self.tag else '@' + self.image_name = '{name}{d}{tag}'.format(name=self.name, d=delimiter, tag=self.tag) + + if self.state in ['present', 'build']: + self.present() + + if self.state in ['absent']: + self.absent() + + def _run(self, args, expected_rc=0, ignore_errors=False): + cmd = " ".join([self.executable] + + [to_native(i) for i in args]) + self.module.log("PODMAN-IMAGE-DEBUG: %s" % cmd) + self.results['podman_actions'].append(cmd) + return run_podman_command( + module=self.module, + executable=self.executable, + args=args, + expected_rc=expected_rc, + ignore_errors=ignore_errors) + + def _get_id_from_output(self, lines, startswith=None, contains=None, split_on=' ', maxsplit=1): + layer_ids = [] + for line in lines.splitlines(): + if startswith and line.startswith(startswith) or contains and contains in line: + splitline = line.rsplit(split_on, maxsplit) + layer_ids.append(splitline[1]) + + # Podman 1.4 changed the output to only include the layer id when run in quiet mode + if not layer_ids: + layer_ids = lines.splitlines() + + return (layer_ids[-1]) + + def present(self): + image = self.find_image() + + if image: + digest_before = image[0].get('Digest', image[0].get('digest')) + else: + digest_before = None + + if not image or self.force: + if self.path: + # Build the image + self.results['actions'].append('Built image {image_name} from {path}'.format(image_name=self.image_name, path=self.path)) + if not self.module.check_mode: + self.results['image'], self.results['stdout'] = self.build_image() + image = self.results['image'] + else: + # Pull the image + self.results['actions'].append('Pulled image {image_name}'.format(image_name=self.image_name)) + if not self.module.check_mode: + image = self.results['image'] = self.pull_image() + + if not image: + image = self.find_image() + if not self.module.check_mode: + digest_after = image[0].get('Digest', image[0].get('digest')) + self.results['changed'] = digest_before != digest_after + else: + self.results['changed'] = True + + if self.push: + # Push the image + if '/' in self.image_name: + push_format_string = 'Pushed image {image_name}' + else: + push_format_string = 'Pushed image {image_name} to {dest}' + self.results['actions'].append(push_format_string.format(image_name=self.image_name, dest=self.push_args['dest'])) + self.results['changed'] = True + if not self.module.check_mode: + self.results['image'], output = self.push_image() + self.results['stdout'] += "\n" + output + + def absent(self): + image = self.find_image() + image_id = self.find_image_id() + + if image: + self.results['actions'].append('Removed image {name}'.format(name=self.name)) + self.results['changed'] = True + self.results['image']['state'] = 'Deleted' + if not self.module.check_mode: + self.remove_image() + elif image_id: + self.results['actions'].append( + 'Removed image with id {id}'.format(id=self.image_name)) + self.results['changed'] = True + self.results['image']['state'] = 'Deleted' + if not self.module.check_mode: + self.remove_image_id() + + def find_image(self, image_name=None): + if image_name is None: + image_name = self.image_name + args = ['image', 'ls', image_name, '--format', 'json'] + rc, images, err = self._run(args, ignore_errors=True) + images = json.loads(images) + if len(images) > 0: + inspect_json = self.inspect_image(image_name) + if self._is_target_arch(inspect_json, self.arch) or not self.arch: + return images + + return None + + def _is_target_arch(self, inspect_json=None, arch=None): + return arch and inspect_json[0]['Architecture'] == arch + + def find_image_id(self, image_id=None): + if image_id is None: + # If image id is set as image_name, remove tag + image_id = re.sub(':.*$', '', self.image_name) + args = ['image', 'ls', '--quiet', '--no-trunc'] + rc, candidates, err = self._run(args, ignore_errors=True) + candidates = [re.sub('^sha256:', '', c) + for c in str.splitlines(candidates)] + for c in candidates: + if c.startswith(image_id): + return image_id + return None + + def inspect_image(self, image_name=None): + if image_name is None: + image_name = self.image_name + args = ['inspect', image_name, '--format', 'json'] + rc, image_data, err = self._run(args) + image_data = json.loads(image_data) + if len(image_data) > 0: + return image_data + else: + return None + + def pull_image(self, image_name=None): + if image_name is None: + image_name = self.image_name + + args = ['pull', image_name, '-q'] + + if self.arch: + args.extend(['--arch', self.arch]) + + if self.auth_file: + args.extend(['--authfile', self.auth_file]) + + if self.username and self.password: + cred_string = '{user}:{password}'.format(user=self.username, password=self.password) + args.extend(['--creds', cred_string]) + + if self.validate_certs is not None: + if self.validate_certs: + args.append('--tls-verify') + else: + args.append('--tls-verify=false') + + if self.ca_cert_dir: + args.extend(['--cert-dir', self.ca_cert_dir]) + + rc, out, err = self._run(args, ignore_errors=True) + if rc != 0: + if not self.pull: + self.module.fail_json(msg='Failed to find image {image_name} locally, image pull set to {pull_bool}'.format( + pull_bool=self.pull, image_name=image_name)) + else: + self.module.fail_json(msg='Failed to pull image {image_name}'.format(image_name=image_name)) + return self.inspect_image(out.strip()) + + def build_image(self): + args = ['build'] + args.extend(['-t', self.image_name]) + + if self.validate_certs is not None: + if self.validate_certs: + args.append('--tls-verify') + else: + args.append('--tls-verify=false') + + annotation = self.build.get('annotation') + if annotation: + for k, v in annotation.items(): + args.extend(['--annotation', '{k}={v}'.format(k=k, v=v)]) + + if self.ca_cert_dir: + args.extend(['--cert-dir', self.ca_cert_dir]) + + if self.build.get('force_rm'): + args.append('--force-rm') + + image_format = self.build.get('format') + if image_format: + args.extend(['--format', image_format]) + + if not self.build.get('cache'): + args.append('--no-cache') + + if self.build.get('rm'): + args.append('--rm') + + containerfile = self.build.get('file') + if containerfile: + args.extend(['--file', containerfile]) + + volume = self.build.get('volume') + if volume: + for v in volume: + args.extend(['--volume', v]) + + if self.auth_file: + args.extend(['--authfile', self.auth_file]) + + if self.username and self.password: + cred_string = '{user}:{password}'.format(user=self.username, password=self.password) + args.extend(['--creds', cred_string]) + + extra_args = self.build.get('extra_args') + if extra_args: + args.extend(shlex.split(extra_args)) + + args.append(self.path) + + rc, out, err = self._run(args, ignore_errors=True) + if rc != 0: + self.module.fail_json(msg="Failed to build image {image}: {out} {err}".format(image=self.image_name, out=out, err=err)) + + last_id = self._get_id_from_output(out, startswith='-->') + return self.inspect_image(last_id), out + err + + def push_image(self): + args = ['push'] + + if self.validate_certs is not None: + if self.validate_certs: + args.append('--tls-verify') + else: + args.append('--tls-verify=false') + + if self.ca_cert_dir: + args.extend(['--cert-dir', self.ca_cert_dir]) + + if self.username and self.password: + cred_string = '{user}:{password}'.format(user=self.username, password=self.password) + args.extend(['--creds', cred_string]) + + if self.auth_file: + args.extend(['--authfile', self.auth_file]) + + if self.push_args.get('compress'): + args.append('--compress') + + push_format = self.push_args.get('format') + if push_format: + args.extend(['--format', push_format]) + + if self.push_args.get('remove_signatures'): + args.append('--remove-signatures') + + sign_by_key = self.push_args.get('sign_by') + if sign_by_key: + args.extend(['--sign-by', sign_by_key]) + + args.append(self.image_name) + + # Build the destination argument + dest = self.push_args.get('dest') + dest_format_string = '{dest}/{image_name}' + regexp = re.compile(r'/{name}(:{tag})?'.format(name=self.name, tag=self.tag)) + if not dest: + if '/' not in self.name: + self.module.fail_json(msg="'push_args['dest']' is required when pushing images that do not have the remote registry in the image name") + + # If the push destination contains the image name and/or the tag + # remove it and warn since it's not needed. + elif regexp.search(dest): + dest = regexp.sub('', dest) + self.module.warn("Image name and tag are automatically added to push_args['dest']. Destination changed to {dest}".format(dest=dest)) + + if dest and dest.endswith('/'): + dest = dest[:-1] + + transport = self.push_args.get('transport') + if transport: + if not dest: + self.module.fail_json("'push_args['transport'] requires 'push_args['dest'] but it was not provided.") + if transport == 'docker': + dest_format_string = '{transport}://{dest}' + elif transport == 'ostree': + dest_format_string = '{transport}:{name}@{dest}' + else: + dest_format_string = '{transport}:{dest}' + + dest_string = dest_format_string.format(transport=transport, name=self.name, dest=dest, image_name=self.image_name,) + + # Only append the destination argument if the image name is not a URL + if '/' not in self.name: + args.append(dest_string) + + rc, out, err = self._run(args, ignore_errors=True) + if rc != 0: + self.module.fail_json(msg="Failed to push image {image_name}: {err}".format(image_name=self.image_name, err=err)) + last_id = self._get_id_from_output( + out + err, contains=':', split_on=':') + + return self.inspect_image(last_id), out + err + + def remove_image(self, image_name=None): + if image_name is None: + image_name = self.image_name + + args = ['rmi', image_name] + if self.force: + args.append('--force') + rc, out, err = self._run(args, ignore_errors=True) + if rc != 0: + self.module.fail_json(msg='Failed to remove image {image_name}. {err}'.format(image_name=image_name, err=err)) + return out + + def remove_image_id(self, image_id=None): + if image_id is None: + image_id = re.sub(':.*$', '', self.image_name) + + args = ['rmi', image_id] + if self.force: + args.append('--force') + rc, out, err = self._run(args, ignore_errors=True) + if rc != 0: + self.module.fail_json(msg='Failed to remove image with id {image_id}. {err}'.format( + image_id=image_id, err=err)) + return out + + +def parse_repository_tag(repo_name): + parts = repo_name.rsplit('@', 1) + if len(parts) == 2: + return tuple(parts) + parts = repo_name.rsplit(':', 1) + if len(parts) == 2 and '/' not in parts[1]: + return tuple(parts) + return repo_name, None + + +def main(): + module = AnsibleModule( + argument_spec=dict( + name=dict(type='str', required=True), + arch=dict(type='str'), + tag=dict(type='str', default='latest'), + pull=dict(type='bool', default=True), + push=dict(type='bool', default=False), + path=dict(type='str'), + force=dict(type='bool', default=False), + state=dict(type='str', default='present', choices=['absent', 'present', 'build']), + validate_certs=dict(type='bool', aliases=['tlsverify', 'tls_verify']), + executable=dict(type='str', default='podman'), + auth_file=dict(type='path', aliases=['authfile']), + username=dict(type='str'), + password=dict(type='str', no_log=True), + ca_cert_dir=dict(type='path'), + build=dict( + type='dict', + aliases=['build_args', 'buildargs'], + default={}, + options=dict( + annotation=dict(type='dict'), + force_rm=dict(type='bool', default=False), + file=dict(type='path'), + format=dict( + type='str', + choices=['oci', 'docker'], + default='oci' + ), + cache=dict(type='bool', default=True), + rm=dict(type='bool', default=True), + volume=dict(type='list', elements='str'), + extra_args=dict(type='str'), + ), + ), + push_args=dict( + type='dict', + default={}, + options=dict( + compress=dict(type='bool'), + format=dict(type='str', choices=['oci', 'v2s1', 'v2s2']), + remove_signatures=dict(type='bool'), + sign_by=dict(type='str'), + dest=dict(type='str', aliases=['destination'],), + transport=dict( + type='str', + choices=[ + 'dir', + 'docker-archive', + 'docker-daemon', + 'oci-archive', + 'ostree', + ] + ), + ), + ), + ), + supports_check_mode=True, + required_together=( + ['username', 'password'], + ), + mutually_exclusive=( + ['auth_file', 'username'], + ['auth_file', 'password'], + ), + ) + + results = dict( + changed=False, + actions=[], + podman_actions=[], + image={}, + stdout='', + ) + + PodmanImageManager(module, results) + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_image_info.py b/ansible_collections/containers/podman/plugins/modules/podman_image_info.py new file mode 100644 index 000000000..d8af08814 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_image_info.py @@ -0,0 +1,236 @@ +#!/usr/bin/python +# Copyright (c) 2019 Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +module: podman_image_info +author: + - Sam Doran (@samdoran) +short_description: Gather info about images using podman +notes: + - Podman may required elevated privileges in order to run properly. +description: + - Gather info about images using C(podman) +options: + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the machine running C(podman) + default: 'podman' + type: str + name: + description: + - List of tags or UID to gather info about. If no name is given return info about all images. + type: list + elements: str + +''' + +EXAMPLES = r""" +- name: Gather info for all images + containers.podman.podman_image_info: + +- name: Gather info on a specific image + containers.podman.podman_image_info: + name: nginx + +- name: Gather info on several images + containers.podman.podman_image_info: + name: + - redis + - quay.io/bitnami/wildfly +""" + +RETURN = r""" +images: + description: info from all or specified images + returned: always + type: dict + sample: [ + { + "Annotations": {}, + "Architecture": "amd64", + "Author": "", + "Comment": "from Bitnami with love", + "ContainerConfig": { + "Cmd": [ + "nami", + "start", + "--foreground", + "wildfly" + ], + "Entrypoint": [ + "/app-entrypoint.sh" + ], + "Env": [ + "PATH=/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/nami/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "IMAGE_OS=debian-9", + "NAMI_VERSION=0.0.9-0", + "GPG_KEY_SERVERS_LIST=ha.pool.sks-keyservers.net \ +hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80 pgp.mit.edu", + "TINI_VERSION=v0.13.2", + "TINI_GPG_KEY=595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7", + "GOSU_VERSION=1.10", + "GOSU_GPG_KEY=B42F6819007F00F88E364FD4036A9C25BF357DD4", + "BITNAMI_IMAGE_VERSION=14.0.1-debian-9-r12", + "BITNAMI_APP_NAME=wildfly", + "WILDFLY_JAVA_HOME=", + "WILDFLY_JAVA_OPTS=", + "WILDFLY_MANAGEMENT_HTTP_PORT_NUMBER=9990", + "WILDFLY_PASSWORD=bitnami", + "WILDFLY_PUBLIC_CONSOLE=true", + "WILDFLY_SERVER_AJP_PORT_NUMBER=8009", + "WILDFLY_SERVER_HTTP_PORT_NUMBER=8080", + "WILDFLY_SERVER_INTERFACE=0.0.0.0", + "WILDFLY_USERNAME=user", + "WILDFLY_WILDFLY_HOME=/home/wildfly", + "WILDFLY_WILDFLY_OPTS=-Dwildfly.as.deployment.ondemand=false" + ], + "ExposedPorts": { + "8080/tcp": {}, + "9990/tcp": {} + }, + "Labels": { + "maintainer": "Bitnami " + } + }, + "Created": "2018-09-25T04:07:45.934395523Z", + "Digest": "sha256:5c7d8e2dd66dcf4a152a4032a1d3c5a33458c67e1c1335edd8d18d738892356b", + "GraphDriver": { + "Data": { + "LowerDir": "/var/lib/containers/storage/overlay/a9dbf5616cc16919a8ac0dfc60aff87a72b5be52994c4649fcc91a089a12931\ +f/diff:/var/lib/containers/storage/overlay/67129bd46022122a7d8b7acb490092af6c7ce244ce4fbd7d9e2d2b7f5979e090/diff:/var/lib/containers/storage/overlay/7c51242c\ +4c5db5c74afda76d7fdbeab6965d8b21804bb3fc597dee09c770b0ca/diff:/var/lib/containers/storage/overlay/f97315dc58a9c002ba0cabccb9933d4b0d2113733d204188c88d72f75569b57b/diff:/var/lib/containers/storage/overlay/1dbde2dd497ddde2b467727125b900958a051a72561e58d29abe3d660dcaa9a7/diff:/var/lib/containers/storage/overlay/4aad9d80f30c3f0608f58173558b7554d84dee4dc4479672926eca29f75e6e33/diff:/var/lib/containers/storage/overlay/6751fc9b6868254870c062d75a511543fc8cfda2ce6262f4945f107449219632/diff:/var/lib/containers/storage/overlay/a27034d79081347421dd24d7e9e776c18271cd9a6e51053cb39af4d3d9c400e8/diff:/var/lib/containers/storage/overlay/537cf0045ed9cd7989f7944e7393019c81b16c1799a2198d8348cd182665397f/diff:/var/lib/containers/storage/overlay/27578615c5ae352af4e8449862d61aaf5c11b105a7d5905af55bd01b0c656d6e/diff:/var/lib/containers/storage/overlay/566542742840fe3034b3596f7cb9e62a6274c95a69f368f9e713746f8712c0b6/diff", + "MergedDir": "/var/lib/containers/storage/overlay/72bb96d6\ +c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/merged", + "UpperDir": "/var/lib/containers/storage/overlay/72bb96d6c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/diff", + "WorkDir": "/var/lib/containers/storage/overlay/72bb96d6c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/work" + }, + "Name": "overlay" + }, + "Id": "bcacbdf7a119c0fa934661ca8af839e625ce6540d9ceb6827cdd389f823d49e0", + "Labels": { + "maintainer": "Bitnami " + }, + "ManifestType": "application/vnd.docker.distribution.manifest.v1+prettyjws", + "Os": "linux", + "Parent": "", + "RepoDigests": [ + "quay.io/bitnami/wildfly@sha256:5c7d8e2dd66dcf4a152a4032a1d3c5a33458c67e1c1335edd8d18d738892356b" + ], + "RepoTags": [ + "quay.io/bitnami/wildfly:latest" + ], + "RootFS": { + "Layers": [ + "sha256:75391df2c87e076b0c2f72d20c95c57dc8be7ee684cc07273416cce622b43367", + "sha256:7dd303f041039bfe8f0833092673ac35f93137d10e0fbc4302021ea65ad57731", + "sha256:720d9edf0cd2a9bb56b88b80be9070dbfaad359514c70094c65066963fed485d", + "sha256:6a567ecbf97725501a634fcb486271999aa4591b633b4ae9932a46b40f5aaf47", + "sha256:59e9a6db8f178f3da868614564faabb2820cdfb69be32e63a4405d6f7772f68c", + "sha256:310a82ccb092cd650215ab375da8943d235a263af9a029b8ac26a281446c04db", + "sha256:36cb91cf4513543a8f0953fed785747ea18b675bc2677f3839889cfca0aac79e" + ], + "Type": "layers" + }, + "Size": 569919342, + "User": "", + "Version": "17.06.0-ce", + "VirtualSize": 569919342 + } + ] +""" + +import json + +from ansible.module_utils.basic import AnsibleModule + + +def image_exists(module, executable, name): + command = [executable, 'image', 'exists', name] + rc, out, err = module.run_command(command) + if rc == 1: + return False + elif 'Command "exists" not found' in err: + # The 'exists' test is available in podman >= 0.12.1 + command = [executable, 'image', 'ls', '-q', name] + rc2, out2, err2 = module.run_command(command) + if rc2 != 0: + return False + return True + + +def filter_invalid_names(module, executable, name): + valid_names = [] + names = name + if not isinstance(name, list): + names = [name] + + for name in names: + if image_exists(module, executable, name): + valid_names.append(name) + + return valid_names + + +def get_image_info(module, executable, name): + names = name + if not isinstance(name, list): + names = [name] + + if len(names) > 0: + command = [executable, 'image', 'inspect'] + command.extend(names) + rc, out, err = module.run_command(command) + + if rc != 0: + module.fail_json(msg="Unable to gather info for '{0}': {1}".format(', '.join(names), err)) + return out + + else: + return json.dumps([]) + + +def get_all_image_info(module, executable): + command = [executable, 'image', 'ls', '-q'] + rc, out, err = module.run_command(command) + out = out.strip() + if out: + name = out.split('\n') + res = get_image_info(module, executable, name) + return res + return json.dumps([]) + + +def main(): + module = AnsibleModule( + argument_spec=dict( + executable=dict(type='str', default='podman'), + name=dict(type='list', elements='str') + ), + supports_check_mode=True, + ) + + executable = module.params['executable'] + name = module.params.get('name') + executable = module.get_bin_path(executable, required=True) + + if name: + valid_names = filter_invalid_names(module, executable, name) + results = json.loads(get_image_info(module, executable, valid_names)) + else: + results = json.loads(get_all_image_info(module, executable)) + + results = dict( + changed=False, + images=results + ) + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_import.py b/ansible_collections/containers/podman/plugins/modules/podman_import.py new file mode 100644 index 000000000..5090b177c --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_import.py @@ -0,0 +1,157 @@ +#!/usr/bin/python +# coding: utf-8 -*- + +# Copyright (c) 2021, Sagi Shnaidman +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r''' +module: podman_import +short_description: Import Podman container from a tar file. +author: Sagi Shnaidman (@sshnaidm) +description: + - podman import imports a tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) + and saves it as a filesystem image. +options: + src: + description: + - Path to image file to load. + type: str + required: true + commit_message: + description: + - Set commit message for imported image + type: str + change: + description: + - Set changes as list of key-value pairs, see example. + type: list + elements: dict + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +requirements: + - "Podman installed on host" +''' + +RETURN = ''' +image: + description: info from loaded image + returned: always + type: dict + sample: { + "Id": "cbc6d73c4d232db6e8441df96af81855f62c74157b5db80a1d5...", + "Digest": "sha256:8730c75be86a718929a658db4663d487e562d66762....", + "RepoTags": [], + "RepoDigests": [], + "Parent": "", + "Comment": "imported from tarball", + "Created": "2021-09-07T04:45:38.749977105+03:00", + "Config": {}, + "Version": "", + "Author": "", + "Architecture": "amd64", + "Os": "linux", + "Size": 5882449, + "VirtualSize": 5882449, + "GraphDriver": { + "Name": "overlay", + "Data": { + "UpperDir": "/home/...34/diff", + "WorkDir": "/home/.../work" + } + }, + "RootFS": { + "Type": "layers", + "Layers": [ + "sha256:...." + ] + }, + "Labels": null, + "Annotations": {}, + "ManifestType": "application/vnd.oci.image.manifest.v1+json", + "User": "", + "History": [ + { + "created": "2021-09-07T04:45:38.749977105+03:00", + "created_by": "/bin/sh -c #(nop) ADD file:091... in /", + "comment": "imported from tarball" + } + ], + "NamesHistory": null + } +''' + +EXAMPLES = ''' +# What modules does for example +- containers.podman.podman_import: + src: /path/to/tar/file + change: + - "CMD": /bin/bash + - "User": root + commit_message: "Importing image" +''' + +import json # noqa: E402 +from ansible.module_utils.basic import AnsibleModule # noqa: E402 + + +def load(module, executable): + changed = False + command = [executable, 'import'] + if module.params['commit_message']: + command.extend(['--message', module.params['commit_message']]) + if module.params['change']: + for change in module.params['change']: + command += ['--change', "=".join(list(change.items())[0])] + command += [module.params['src']] + changed = True + if module.check_mode: + return changed, '', '', '', command + rc, out, err = module.run_command(command) + if rc != 0: + module.fail_json(msg="Image loading failed: %s" % (err)) + image_name_line = [i for i in out.splitlines() if 'sha256' in i][0] + image_name = image_name_line.split(":", maxsplit=1)[1].strip() + rc, out2, err2 = module.run_command([executable, 'image', 'inspect', image_name]) + if rc != 0: + module.fail_json(msg="Image %s inspection failed: %s" % (image_name, err2)) + try: + info = json.loads(out2)[0] + except Exception as e: + module.fail_json(msg="Could not parse JSON from image %s: %s" % (image_name, e)) + return changed, out, err, info, command + + +def main(): + module = AnsibleModule( + argument_spec=dict( + src=dict(type='str', required=True), + commit_message=dict(type='str'), + change=dict(type='list', elements='dict'), + executable=dict(type='str', default='podman') + ), + supports_check_mode=True, + ) + + executable = module.get_bin_path(module.params['executable'], required=True) + changed, out, err, image_info, command = load(module, executable) + + results = { + "changed": changed, + "stdout": out, + "stderr": err, + "image": image_info, + "podman_command": " ".join(command) + } + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_load.py b/ansible_collections/containers/podman/plugins/modules/podman_load.py new file mode 100644 index 000000000..4fa7bde01 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_load.py @@ -0,0 +1,199 @@ +#!/usr/bin/python +# coding: utf-8 -*- + +# Copyright (c) 2020, Sagi Shnaidman +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r''' +module: podman_load +short_description: Load image from a tar file. +author: Sagi Shnaidman (@sshnaidm) +description: + - podman load loads an image from either an oci-archive or a docker-archive stored + on the local machine into container storage. + podman load is used for loading from the archive generated by podman save, + that includes the image parent layers. +options: + input: + description: + - Path to image file to load. + type: str + required: true + aliases: + - path + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +requirements: + - "Podman installed on host" +''' + +RETURN = ''' +image: + description: info from loaded image + returned: always + type: dict + sample: [ + { + "Annotations": {}, + "Architecture": "amd64", + "Author": "", + "Comment": "from Bitnami with love", + "ContainerConfig": { + "Cmd": [ + "nami", + "start", + "--foreground", + "wildfly" + ], + "Entrypoint": [ + "/app-entrypoint.sh" + ], + "Env": [ + "PATH=/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/nami/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "IMAGE_OS=debian-9", + "NAMI_VERSION=0.0.9-0", + "GPG_KEY_SERVERS_LIST=ha.pool.sks-keyservers.net \ +hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80 pgp.mit.edu", + "TINI_VERSION=v0.13.2", + "TINI_GPG_KEY=595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7", + "GOSU_VERSION=1.10", + "GOSU_GPG_KEY=B42F6819007F00F88E364FD4036A9C25BF357DD4", + "BITNAMI_IMAGE_VERSION=14.0.1-debian-9-r12", + "BITNAMI_APP_NAME=wildfly", + "WILDFLY_JAVA_HOME=", + "WILDFLY_JAVA_OPTS=", + "WILDFLY_MANAGEMENT_HTTP_PORT_NUMBER=9990", + "WILDFLY_PASSWORD=bitnami", + "WILDFLY_PUBLIC_CONSOLE=true", + "WILDFLY_SERVER_AJP_PORT_NUMBER=8009", + "WILDFLY_SERVER_HTTP_PORT_NUMBER=8080", + "WILDFLY_SERVER_INTERFACE=0.0.0.0", + "WILDFLY_USERNAME=user", + "WILDFLY_WILDFLY_HOME=/home/wildfly", + "WILDFLY_WILDFLY_OPTS=-Dwildfly.as.deployment.ondemand=false" + ], + "ExposedPorts": { + "8080/tcp": {}, + "9990/tcp": {} + }, + "Labels": { + "maintainer": "Bitnami " + } + }, + "Created": "2018-09-25T04:07:45.934395523Z", + "Digest": "sha256:5c7d8e2dd66dcf4a152a4032a1d3c5a33458c67e1c1335edd8d18d738892356b", + "GraphDriver": { + "Data": { + "LowerDir": "/var/lib/containers/storage/overlay/a9dbf5616cc16919a8ac0dfc60aff87a72b5be52994c4649fcc91a089a12931\ +f/diff:/var/lib/containers/storage/overlay/67129bd46022122a7d8b7acb490092af6c7ce244ce4fbd7d9e2d2b7f5979e090/diff:/var/lib/containers/storage/overlay/7c51242c\ +4c5db5c74afda76d7fdbeab6965d8b21804bb3fc597dee09c770b0ca/diff:/var/lib/containers/storage/overlay/f97315dc58a9c002ba0cabccb9933d4b0d2113733d204188c88d72f75569b57b/diff:/var/lib/containers/storage/overlay/1dbde2dd497ddde2b467727125b900958a051a72561e58d29abe3d660dcaa9a7/diff:/var/lib/containers/storage/overlay/4aad9d80f30c3f0608f58173558b7554d84dee4dc4479672926eca29f75e6e33/diff:/var/lib/containers/storage/overlay/6751fc9b6868254870c062d75a511543fc8cfda2ce6262f4945f107449219632/diff:/var/lib/containers/storage/overlay/a27034d79081347421dd24d7e9e776c18271cd9a6e51053cb39af4d3d9c400e8/diff:/var/lib/containers/storage/overlay/537cf0045ed9cd7989f7944e7393019c81b16c1799a2198d8348cd182665397f/diff:/var/lib/containers/storage/overlay/27578615c5ae352af4e8449862d61aaf5c11b105a7d5905af55bd01b0c656d6e/diff:/var/lib/containers/storage/overlay/566542742840fe3034b3596f7cb9e62a6274c95a69f368f9e713746f8712c0b6/diff", + "MergedDir": "/var/lib/containers/storage/overlay/72bb96d6\ +c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/merged", + "UpperDir": "/var/lib/containers/storage/overlay/72bb96d6c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/diff", + "WorkDir": "/var/lib/containers/storage/overlay/72bb96d6c53ad57a0b1e44cab226a6251598accbead40b23fac89c19ad8c25ca/work" + }, + "Name": "overlay" + }, + "Id": "bcacbdf7a119c0fa934661ca8af839e625ce6540d9ceb6827cdd389f823d49e0", + "Labels": { + "maintainer": "Bitnami " + }, + "ManifestType": "application/vnd.docker.distribution.manifest.v1+prettyjws", + "Os": "linux", + "Parent": "", + "RepoDigests": [ + "quay.io/bitnami/wildfly@sha256:5c7d8e2dd66dcf4a152a4032a1d3c5a33458c67e1c1335edd8d18d738892356b" + ], + "RepoTags": [ + "quay.io/bitnami/wildfly:latest" + ], + "RootFS": { + "Layers": [ + "sha256:75391df2c87e076b0c2f72d20c95c57dc8be7ee684cc07273416cce622b43367", + "sha256:7dd303f041039bfe8f0833092673ac35f93137d10e0fbc4302021ea65ad57731", + "sha256:720d9edf0cd2a9bb56b88b80be9070dbfaad359514c70094c65066963fed485d", + "sha256:6a567ecbf97725501a634fcb486271999aa4591b633b4ae9932a46b40f5aaf47", + "sha256:59e9a6db8f178f3da868614564faabb2820cdfb69be32e63a4405d6f7772f68c", + "sha256:310a82ccb092cd650215ab375da8943d235a263af9a029b8ac26a281446c04db", + "sha256:36cb91cf4513543a8f0953fed785747ea18b675bc2677f3839889cfca0aac79e" + ], + "Type": "layers" + }, + "Size": 569919342, + "User": "", + "Version": "17.06.0-ce", + "VirtualSize": 569919342 + } + ] +''' + +EXAMPLES = ''' +# What modules does for example +- containers.podman.podman_load: + input: /path/to/tar/file +''' + +import json # noqa: E402 +from ansible.module_utils.basic import AnsibleModule # noqa: E402 + + +def load(module, executable): + changed = False + command = [executable, 'load', '--input'] + command.append(module.params['input']) + changed = True + if module.check_mode: + return changed, '', '', '' + rc, out, err = module.run_command(command) + if rc != 0: + module.fail_json(msg="Image loading failed: %s" % (err)) + image_name_line = [i for i in out.splitlines() if 'Loaded image' in i][0] + # For Podman < 4.x + if 'Loaded image(s):' in image_name_line: + image_name = image_name_line.split("Loaded image(s): ")[1].split(',')[0].strip() + # For Podman > 4.x + elif 'Loaded image:' in image_name_line: + image_name = image_name_line.split("Loaded image: ")[1].strip() + else: + module.fail_json(msg="Not found images in %s" % image_name_line) + rc, out2, err2 = module.run_command([executable, 'image', 'inspect', image_name]) + if rc != 0: + module.fail_json(msg="Image %s inspection failed: %s" % (image_name, err2)) + try: + info = json.loads(out2)[0] + except Exception as e: + module.fail_json(msg="Could not parse JSON from image %s: %s" % (image_name, e)) + return changed, out, err, info + + +def main(): + module = AnsibleModule( + argument_spec=dict( + input=dict(type='str', required=True, aliases=['path']), + executable=dict(type='str', default='podman') + ), + supports_check_mode=True, + ) + + executable = module.get_bin_path(module.params['executable'], required=True) + changed, out, err, image_info = load(module, executable) + + results = { + "changed": changed, + "stdout": out, + "stderr": err, + "image": image_info, + } + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_login.py b/ansible_collections/containers/podman/plugins/modules/podman_login.py new file mode 100644 index 000000000..be417c761 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_login.py @@ -0,0 +1,184 @@ +#!/usr/bin/python +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = r''' +module: podman_login +author: + - "Jason Hiatt (@jthiatt)" + - "Clemens Lange (@clelange)" + - "Michael Fox (@spmfox)" +short_description: Login to a container registry using podman +notes: [] +description: + - Login to a container registry server using the podman login command + If the registry is not specified, the first registry under + `[registries.search]` from `registries.conf `will be used. The path of + the authentication file can be overridden by the user by setting the + `authfile` flag. The default path used is + `${XDG_RUNTIME_DIR}/containers/auth.json`. +requirements: + - "Podman installed on host" +options: + authfile: + description: + - Path of the authentication file. Default is + ``${XDG_RUNTIME_DIR}/containers/auth.json`` + You can also override the default path of the authentication + file by setting the ``REGISTRY_AUTH_FILE`` environment + variable. ``export REGISTRY_AUTH_FILE=path`` + type: path + certdir: + description: + - Use certificates at path (*.crt, *.cert, *.key) to connect + to the registry. Default certificates directory + is /etc/containers/certs.d. + type: path + password: + description: + - Password for the registry server. + required: True + type: str + registry: + description: + - Registry server. If the registry is not specified, + the first registry under `[registries.search]` from + `registries.conf` will be used. + type: str + tlsverify: + description: + - Require HTTPS and verify certificates when + contacting registries. If explicitly set to true, + then TLS verification will be used. If set to false, + then TLS verification will not be used. If not specified, + TLS verification will be used unless the target registry + is listed as an insecure registry in registries.conf. + type: bool + username: + description: + - Username for the registry server. + required: True + type: str + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +''' + +EXAMPLES = r""" +- name: Login to default registry and create ${XDG_RUNTIME_DIR}/containers/auth.json + containers.podman.podman_login: + username: user + password: 'p4ssw0rd' + +- name: Login to default registry and create ${XDG_RUNTIME_DIR}/containers/auth.json + containers.podman.podman_login: + username: user + password: 'p4ssw0rd' + registry: quay.io + +""" +# noqa: F402 + +import hashlib +import os +from ansible.module_utils.basic import AnsibleModule + + +def login(module, executable, registry, authfile, + certdir, tlsverify, username, password): + + command = [executable, 'login'] + changed = False + + if username: + command.extend(['--username', username]) + if password: + command.extend(['--password', password]) + if authfile: + command.extend(['--authfile', authfile]) + authfile = os.path.expandvars(authfile) + else: + authfile = os.getenv('XDG_RUNTIME_DIR', '') + '/containers/auth.json' + if registry: + command.append(registry) + if certdir: + command.extend(['--cert-dir', certdir]) + if tlsverify is not None: + if tlsverify: + command.append('--tls-verify') + else: + command.append('--tls-verify=False') + # Use a checksum to check if the auth JSON has changed + checksum = None + docker_authfile = os.path.expandvars('$HOME/.docker/config.json') + # podman falls back to ~/.docker/config.json if the default authfile doesn't exist + check_file = authfile if os.path.exists(authfile) else docker_authfile + if os.path.exists(check_file): + content = open(check_file, 'rb').read() + checksum = hashlib.sha256(content).hexdigest() + rc, out, err = module.run_command(command) + if rc != 0: + if 'Error: Not logged into' not in err: + module.fail_json(msg="Unable to gather info for %s: %s" % (registry, err)) + else: + # If the command is successful, we managed to login + changed = True + if 'Existing credentials are valid' in out: + changed = False + # If we have managed to calculate a checksum before, check if it has changed + # due to the login + if checksum: + content = open(check_file, 'rb').read() + new_checksum = hashlib.sha256(content).hexdigest() + if new_checksum == checksum: + changed = False + return changed, out, err + + +def main(): + module = AnsibleModule( + argument_spec=dict( + executable=dict(type='str', default='podman'), + registry=dict(type='str'), + authfile=dict(type='path'), + username=dict(type='str', required=True), + password=dict(type='str', required=True, no_log=True), + certdir=dict(type='path'), + tlsverify=dict(type='bool'), + ), + supports_check_mode=True, + required_together=( + ['username', 'password'], + ), + mutually_exclusive=( + ['certdir', 'tlsverify'], + ), + ) + + registry = module.params['registry'] + authfile = module.params['authfile'] + username = module.params['username'] + password = module.params['password'] + certdir = module.params['certdir'] + tlsverify = module.params['tlsverify'] + executable = module.get_bin_path(module.params['executable'], required=True) + + changed, out, err = login(module, executable, registry, authfile, + certdir, tlsverify, username, password) + + results = { + "changed": changed, + "stdout": out, + "stderr": err, + } + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_login_info.py b/ansible_collections/containers/podman/plugins/modules/podman_login_info.py new file mode 100644 index 000000000..739adb134 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_login_info.py @@ -0,0 +1,116 @@ +#!/usr/bin/python +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r""" +module: podman_login_info +author: + - "Clemens Lange (@clelange)" +version_added: '1.0.0' +short_description: Return the logged-in user if any for a given registry +notes: [] +description: + - Return the logged-in user if any for a given registry. +requirements: + - "Podman installed on host" +options: + registry: + description: + - Registry server. + type: str + required: true + authfile: + description: + - Path of the authentication file. Default is + ``${XDG_RUNTIME_DIR}/containers/auth.json`` + (Not available for remote commands) You can also override the default + path of the authentication file by setting the ``REGISTRY_AUTH_FILE`` + environment variable. ``export REGISTRY_AUTH_FILE=path`` + type: path + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +""" + +EXAMPLES = r""" +- name: Return the logged-in user for docker hub registry + containers.podman.podman_login_info: + registry: docker.io + +- name: Return the logged-in user for quay.io registry + containers.podman.podman_login_info: + registry: quay.io +""" + +RETURN = r""" +login: + description: Logged in user for a registry + returned: always + type: dict + sample: { + "logged_in": true, + "registry": "docker.io", + "username": "clelange", + } +""" + +from ansible.module_utils.basic import AnsibleModule + + +def get_login_info(module, executable, authfile, registry): + command = [executable, 'login', '--get-login'] + result = dict( + registry=registry, + username='', + logged_in=False, + ) + if authfile: + command.extend(['--authfile', authfile]) + if registry: + command.append(registry) + rc, out, err = module.run_command(command) + if rc != 0: + if 'Error: not logged into' in err: + # The error message is e.g. 'Error: not logged into docker.io' + # Therefore get last word to extract registry name + result["registry"] = err.split()[-1] + err = '' + return result + module.fail_json(msg="Unable to gather info for %s: %s" % (registry, err)) + result["username"] = out.strip() + result["logged_in"] = True + return result + + +def main(): + module = AnsibleModule( + argument_spec=dict( + executable=dict(type='str', default='podman'), + authfile=dict(type='path'), + registry=dict(type='str', required=True) + ), + supports_check_mode=True, + ) + + registry = module.params['registry'] + authfile = module.params['authfile'] + executable = module.get_bin_path(module.params['executable'], required=True) + + inspect_results = get_login_info(module, executable, authfile, registry) + + results = { + "changed": False, + "login": inspect_results, + } + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_logout.py b/ansible_collections/containers/podman/plugins/modules/podman_logout.py new file mode 100644 index 000000000..d5816a9c0 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_logout.py @@ -0,0 +1,153 @@ +#!/usr/bin/python +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = r''' +module: podman_logout +author: + - "Clemens Lange (@clelange)" +short_description: Log out of a container registry using podman +notes: [] +description: + - Log out of a container registry server using the podman logout command + by deleting the cached credentials stored in the `auth.json` file. + If the registry is not specified, the first registry under + `[registries.search]` from `registries.conf `will be used. The path of + the authentication file can be overridden by the user by setting the + `authfile` flag. The default path used is + `${XDG_RUNTIME_DIR}/containers/auth.json`. + All the cached credentials can be removed by setting the `all` flag. + Warning - podman will use credentials in `${HOME}/.docker/config.json` + to authenticate in case they are not found in the default `authfile`. + However, the logout command will only removed credentials in the + `authfile` specified. +requirements: + - "Podman installed on host" +options: + registry: + description: + - Registry server. If the registry is not specified, + the first registry under `[registries.search]` from + `registries.conf` will be used. + type: str + authfile: + description: + - Path of the authentication file. Default is + ``${XDG_RUNTIME_DIR}/containers/auth.json`` + You can also override the default path of the authentication + file by setting the ``REGISTRY_AUTH_FILE`` environment + variable. ``export REGISTRY_AUTH_FILE=path`` + type: path + all: + description: + - Remove the cached credentials for all registries in the auth file. + type: bool + ignore_docker_credentials: + description: + - Credentials created using other tools such as `docker login` are not + removed unless the corresponding `authfile` is explicitly specified. + Since podman also uses existing credentials in these files by default + (for docker e.g. `${HOME}/.docker/config.json`), module execution will + fail if a docker login exists for the registry specified in any + `authfile` is used by podman. This can be ignored by setting + `ignore_docker_credentials` to `true` - the credentials will be kept and + `changed` will be false. + This option cannot be used together with `all` since in this case + podman will not check for existing `authfiles` created by other tools. + type: bool + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +''' + +EXAMPLES = r""" +- name: Log out of default registry + podman_logout: + +- name: Log out of quay.io + podman_logout: + registry: quay.io + +- name: Log out of all registries in auth file + podman_logout: + all: true + +- name: Log out of all registries in specified auth file + podman_logout: + authfile: $HOME/.docker/config.json + all: true +""" +# noqa: F402 + +from ansible.module_utils.basic import AnsibleModule + + +def logout(module, executable, registry, authfile, all_registries, ignore_docker_credentials): + command = [executable, 'logout'] + changed = False + if authfile: + command.extend(['--authfile', authfile]) + if registry: + command.append(registry) + if all_registries: + command.append("--all") + rc, out, err = module.run_command(command) + if rc != 0: + if 'Error: Not logged into' not in err: + module.fail_json(msg="Unable to gather info for %s: %s" % (registry, err)) + else: + # If the command is successful, we managed to log out + # Mind: This also applied if --all flag is used, while in this case + # there is no check whether one has been logged into any registry + changed = True + if 'Existing credentials were established via' in out: + # The command will return successfully but not log out the user if the + # credentials were initially created using docker. Catch this behaviour: + if not ignore_docker_credentials: + module.fail_json(msg="Unable to log out %s: %s" % (registry or '', out)) + else: + changed = False + return changed, out, err + + +def main(): + module = AnsibleModule( + argument_spec=dict( + executable=dict(type='str', default='podman'), + registry=dict(type='str'), + authfile=dict(type='path'), + all=dict(type='bool'), + ignore_docker_credentials=dict(type='bool'), + ), + supports_check_mode=True, + mutually_exclusive=( + ['registry', 'all'], + ['ignore_docker_credentials', 'all'], + ), + ) + + registry = module.params['registry'] + authfile = module.params['authfile'] + all_registries = module.params['all'] + ignore_docker_credentials = module.params['ignore_docker_credentials'] + executable = module.get_bin_path(module.params['executable'], required=True) + + changed, out, err = logout(module, executable, registry, authfile, + all_registries, ignore_docker_credentials) + + results = { + "changed": changed, + "stdout": out, + "stderr": err, + } + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_network.py b/ansible_collections/containers/podman/plugins/modules/podman_network.py new file mode 100644 index 000000000..846524b65 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_network.py @@ -0,0 +1,673 @@ +#!/usr/bin/python +# Copyright (c) 2020 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r""" +module: podman_network +author: + - "Sagi Shnaidman (@sshnaidm)" +version_added: '1.0.0' +short_description: Manage podman networks +notes: [] +description: + - Manage podman networks with podman network command. +requirements: + - podman +options: + name: + description: + - Name of the network + type: str + required: True + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str + disable_dns: + description: + - disable dns plugin (default "false") + type: bool + driver: + description: + - Driver to manage the network (default "bridge") + type: str + gateway: + description: + - IPv4 or IPv6 gateway for the subnet + type: str + internal: + description: + - Restrict external access from this network (default "false") + type: bool + ip_range: + description: + - Allocate container IP from range + type: str + ipv6: + description: + - Enable IPv6 (Dual Stack) networking. You must pass a IPv6 subnet. + The subnet option must be used with the ipv6 option. + type: bool + subnet: + description: + - Subnet in CIDR format + type: str + macvlan: + description: + - Create a Macvlan connection based on this device + type: str + opt: + description: + - Add network options. Currently 'vlan' and 'mtu' are supported. + type: dict + suboptions: + isolate: + description: + - This option isolates networks by blocking traffic between those + that have this option enabled. + type: bool + required: false + metric: + description: + - Sets the Route Metric for the default route created in every + container joined to this network. + Can only be used with the Netavark network backend. + type: int + required: false + mode: + description: + - This option sets the specified ip/macvlan mode on the interface. + type: str + required: false + mtu: + description: + - MTU size for bridge network interface. + type: int + required: false + parent: + description: + - The host device which should be used for the macvlan interface. + Defaults to the default route interface. + type: str + required: false + vlan: + description: + - VLAN tag for bridge which enables vlan_filtering. + type: int + required: false + debug: + description: + - Return additional information which can be helpful for investigations. + type: bool + default: False + state: + description: + - State of network, default 'present' + type: str + default: present + choices: + - present + - absent + recreate: + description: + - Recreate network even if exists. + type: bool + default: false +""" + +EXAMPLES = r""" +- name: Create a podman network + containers.podman.podman_network: + name: podman_network + become: true + +- name: Create internal podman network + containers.podman.podman_network: + name: podman_internal + internal: true + ip_range: 192.168.22.128/25 + subnet: 192.168.22.0/24 + gateway: 192.168.22.1 + become: true +""" + +RETURN = r""" +network: + description: Facts from created or updated networks + returned: always + type: list + sample: [ + { + "cniVersion": "0.4.0", + "name": "podman", + "plugins": [ + { + "bridge": "cni-podman0", + "ipMasq": true, + "ipam": { + "ranges": [ + [ + { + "gateway": "10.88.0.1", + "subnet": "10.88.0.0/16" + } + ] + ], + "routes": [ + { + "dst": "0.0.0.0/0" + } + ], + "type": "host-local" + }, + "isGateway": true, + "type": "bridge" + }, + { + "capabilities": { + "portMappings": true + }, + "type": "portmap" + }, + { + "backend": "iptables", + "type": "firewall" + } + ] + } + ] +""" + +import json # noqa: F402 +try: + import ipaddress + HAS_IP_ADDRESS_MODULE = True +except ImportError: + HAS_IP_ADDRESS_MODULE = False + +from ansible.module_utils.basic import AnsibleModule # noqa: F402 +from ansible.module_utils._text import to_bytes, to_native # noqa: F402 +from ansible_collections.containers.podman.plugins.module_utils.podman.common import LooseVersion +from ansible_collections.containers.podman.plugins.module_utils.podman.common import lower_keys + + +class PodmanNetworkModuleParams: + """Creates list of arguments for podman CLI command. + + Arguments: + action {str} -- action type from 'create', 'delete' + params {dict} -- dictionary of module parameters + + """ + + def __init__(self, action, params, podman_version, module): + self.params = params + self.action = action + self.podman_version = podman_version + self.module = module + + def construct_command_from_params(self): + """Create a podman command from given module parameters. + + Returns: + list -- list of byte strings for Popen command + """ + if self.action in ['delete']: + return self._simple_action() + if self.action in ['create']: + return self._create_action() + + def _simple_action(self): + if self.action == 'delete': + cmd = ['rm', '-f', self.params['name']] + return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] + + def _create_action(self): + cmd = [self.action, self.params['name']] + all_param_methods = [func for func in dir(self) + if callable(getattr(self, func)) + and func.startswith("addparam")] + params_set = (i for i in self.params if self.params[i] is not None) + for param in params_set: + func_name = "_".join(["addparam", param]) + if func_name in all_param_methods: + cmd = getattr(self, func_name)(cmd) + return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] + + def check_version(self, param, minv=None, maxv=None): + if minv and LooseVersion(minv) > LooseVersion( + self.podman_version): + self.module.fail_json(msg="Parameter %s is supported from podman " + "version %s only! Current version is %s" % ( + param, minv, self.podman_version)) + if maxv and LooseVersion(maxv) < LooseVersion( + self.podman_version): + self.module.fail_json(msg="Parameter %s is supported till podman " + "version %s only! Current version is %s" % ( + param, minv, self.podman_version)) + + def addparam_gateway(self, c): + return c + ['--gateway', self.params['gateway']] + + def addparam_driver(self, c): + return c + ['--driver', self.params['driver']] + + def addparam_subnet(self, c): + return c + ['--subnet', self.params['subnet']] + + def addparam_ip_range(self, c): + return c + ['--ip-range', self.params['ip_range']] + + def addparam_ipv6(self, c): + return c + ['--ipv6=%s' % self.params['ipv6']] + + def addparam_macvlan(self, c): + return c + ['--macvlan', self.params['macvlan']] + + def addparam_internal(self, c): + return c + ['--internal=%s' % self.params['internal']] + + def addparam_opt(self, c): + for opt in self.params['opt'].items(): + if opt[1] is not None: + c += ['--opt', + b"=".join([to_bytes(k, errors='surrogate_or_strict') + for k in opt])] + return c + + def addparam_disable_dns(self, c): + return c + ['--disable-dns=%s' % self.params['disable_dns']] + + +class PodmanNetworkDefaults: + def __init__(self, module, podman_version): + self.module = module + self.version = podman_version + self.defaults = { + 'driver': 'bridge', + 'disable_dns': False, + 'internal': False, + 'ipv6': False + } + + def default_dict(self): + # make here any changes to self.defaults related to podman version + return self.defaults + + +class PodmanNetworkDiff: + def __init__(self, module, info, podman_version): + self.module = module + self.version = podman_version + self.default_dict = None + self.info = lower_keys(info) + self.params = self.defaultize() + self.diff = {'before': {}, 'after': {}} + self.non_idempotent = {} + + def defaultize(self): + params_with_defaults = {} + self.default_dict = PodmanNetworkDefaults( + self.module, self.version).default_dict() + for p in self.module.params: + if self.module.params[p] is None and p in self.default_dict: + params_with_defaults[p] = self.default_dict[p] + else: + params_with_defaults[p] = self.module.params[p] + return params_with_defaults + + def _diff_update_and_compare(self, param_name, before, after): + if before != after: + self.diff['before'].update({param_name: before}) + self.diff['after'].update({param_name: after}) + return True + return False + + def diffparam_disable_dns(self): + # For v3 it's impossible to find out DNS settings. + if LooseVersion(self.version) >= LooseVersion('4.0.0'): + before = not self.info.get('dns_enabled', True) + after = self.params['disable_dns'] + return self._diff_update_and_compare('disable_dns', before, after) + before = after = self.params['disable_dns'] + return self._diff_update_and_compare('disable_dns', before, after) + + def diffparam_driver(self): + # Currently only bridge is supported + before = after = 'bridge' + return self._diff_update_and_compare('driver', before, after) + + def diffparam_ipv6(self): + if LooseVersion(self.version) >= LooseVersion('4.0.0'): + before = self.info.get('ipv6_enabled', False) + after = self.params['ipv6'] + return self._diff_update_and_compare('ipv6', before, after) + before = after = '' + return self._diff_update_and_compare('ipv6', before, after) + + def diffparam_gateway(self): + # Disable idempotency of subnet for v4, subnets are added automatically + # TODO(sshnaidm): check if it's still the issue in v5 + if LooseVersion(self.version) >= LooseVersion('4.0.0'): + return self._diff_update_and_compare('gateway', '', '') + try: + before = self.info['plugins'][0]['ipam']['ranges'][0][0]['gateway'] + except (IndexError, KeyError): + before = '' + after = before + if self.params['gateway'] is not None: + after = self.params['gateway'] + return self._diff_update_and_compare('gateway', before, after) + + def diffparam_internal(self): + if LooseVersion(self.version) >= LooseVersion('4.0.0'): + before = self.info.get('internal', False) + after = self.params['internal'] + return self._diff_update_and_compare('internal', before, after) + try: + before = not self.info['plugins'][0]['isgateway'] + except (IndexError, KeyError): + before = False + after = self.params['internal'] + return self._diff_update_and_compare('internal', before, after) + + def diffparam_ip_range(self): + # TODO(sshnaidm): implement IP to CIDR convert and vice versa + before = after = '' + return self._diff_update_and_compare('ip_range', before, after) + + def diffparam_subnet(self): + # Disable idempotency of subnet for v4, subnets are added automatically + # TODO(sshnaidm): check if it's still the issue in v5 + if LooseVersion(self.version) >= LooseVersion('4.0.0'): + return self._diff_update_and_compare('subnet', '', '') + try: + before = self.info['plugins'][0]['ipam']['ranges'][0][0]['subnet'] + except (IndexError, KeyError): + before = '' + after = before + if self.params['subnet'] is not None: + after = self.params['subnet'] + if HAS_IP_ADDRESS_MODULE: + after = ipaddress.ip_network(after).compressed + return self._diff_update_and_compare('subnet', before, after) + + def diffparam_macvlan(self): + before = after = '' + return self._diff_update_and_compare('macvlan', before, after) + + def diffparam_opt(self): + if LooseVersion(self.version) >= LooseVersion('4.0.0'): + vlan_before = self.info.get('options', {}).get('vlan') + else: + try: + vlan_before = self.info['plugins'][0].get('vlan') + except (IndexError, KeyError): + vlan_before = None + vlan_after = self.params['opt'].get('vlan') if self.params['opt'] else None + if vlan_before or vlan_after: + before, after = {'vlan': str(vlan_before)}, {'vlan': str(vlan_after)} + else: + before, after = {}, {} + if LooseVersion(self.version) >= LooseVersion('4.0.0'): + mtu_before = self.info.get('options', {}).get('mtu') + else: + try: + mtu_before = self.info['plugins'][0].get('mtu') + except (IndexError, KeyError): + mtu_before = None + mtu_after = self.params['opt'].get('mtu') if self.params['opt'] else None + if mtu_before or mtu_after: + before.update({'mtu': str(mtu_before)}) + after.update({'mtu': str(mtu_after)}) + return self._diff_update_and_compare('opt', before, after) + + def is_different(self): + diff_func_list = [func for func in dir(self) + if callable(getattr(self, func)) and func.startswith( + "diffparam")] + fail_fast = not bool(self.module._diff) + different = False + for func_name in diff_func_list: + dff_func = getattr(self, func_name) + if dff_func(): + if fail_fast: + return True + different = True + # Check non idempotent parameters + for p in self.non_idempotent: + if self.module.params[p] is not None and self.module.params[p] not in [{}, [], '']: + different = True + return different + + +class PodmanNetwork: + """Perform network tasks. + + Manages podman network, inspects it and checks its current state + """ + + def __init__(self, module, name): + """Initialize PodmanNetwork class. + + Arguments: + module {obj} -- ansible module object + name {str} -- name of network + """ + + super(PodmanNetwork, self).__init__() + self.module = module + self.name = name + self.stdout, self.stderr = '', '' + self.info = self.get_info() + self.version = self._get_podman_version() + self.diff = {} + self.actions = [] + + @property + def exists(self): + """Check if network exists.""" + return bool(self.info != {}) + + @property + def different(self): + """Check if network is different.""" + diffcheck = PodmanNetworkDiff( + self.module, + self.info, + self.version) + is_different = diffcheck.is_different() + diffs = diffcheck.diff + if self.module._diff and is_different and diffs['before'] and diffs['after']: + self.diff['before'] = "\n".join( + ["%s - %s" % (k, v) for k, v in sorted( + diffs['before'].items())]) + "\n" + self.diff['after'] = "\n".join( + ["%s - %s" % (k, v) for k, v in sorted( + diffs['after'].items())]) + "\n" + return is_different + + def get_info(self): + """Inspect network and gather info about it.""" + # pylint: disable=unused-variable + rc, out, err = self.module.run_command( + [self.module.params['executable'], b'network', b'inspect', self.name]) + return json.loads(out)[0] if rc == 0 else {} + + def _get_podman_version(self): + # pylint: disable=unused-variable + rc, out, err = self.module.run_command( + [self.module.params['executable'], b'--version']) + if rc != 0 or not out or "version" not in out: + self.module.fail_json(msg="%s run failed!" % + self.module.params['executable']) + return out.split("version")[1].strip() + + def _perform_action(self, action): + """Perform action with network. + + Arguments: + action {str} -- action to perform - create, stop, delete + """ + b_command = PodmanNetworkModuleParams(action, + self.module.params, + self.version, + self.module, + ).construct_command_from_params() + full_cmd = " ".join([self.module.params['executable'], 'network'] + + [to_native(i) for i in b_command]) + self.module.log("PODMAN-NETWORK-DEBUG: %s" % full_cmd) + self.actions.append(full_cmd) + if not self.module.check_mode: + rc, out, err = self.module.run_command( + [self.module.params['executable'], b'network'] + b_command, + expand_user_and_vars=False) + self.stdout = out + self.stderr = err + if rc != 0: + self.module.fail_json( + msg="Can't %s network %s" % (action, self.name), + stdout=out, stderr=err) + + def delete(self): + """Delete the network.""" + self._perform_action('delete') + + def create(self): + """Create the network.""" + self._perform_action('create') + + def recreate(self): + """Recreate the network.""" + self.delete() + self.create() + + +class PodmanNetworkManager: + """Module manager class. + + Defines according to parameters what actions should be applied to network + """ + + def __init__(self, module): + """Initialize PodmanManager class. + + Arguments: + module {obj} -- ansible module object + """ + + super(PodmanNetworkManager, self).__init__() + + self.module = module + self.results = { + 'changed': False, + 'actions': [], + 'network': {}, + } + self.name = self.module.params['name'] + self.executable = \ + self.module.get_bin_path(self.module.params['executable'], + required=True) + self.state = self.module.params['state'] + self.recreate = self.module.params['recreate'] + self.network = PodmanNetwork(self.module, self.name) + + def update_network_result(self, changed=True): + """Inspect the current network, update results with last info, exit. + + Keyword Arguments: + changed {bool} -- whether any action was performed + (default: {True}) + """ + facts = self.network.get_info() if changed else self.network.info + out, err = self.network.stdout, self.network.stderr + self.results.update({'changed': changed, 'network': facts, + 'podman_actions': self.network.actions}, + stdout=out, stderr=err) + if self.network.diff: + self.results.update({'diff': self.network.diff}) + if self.module.params['debug']: + self.results.update({'podman_version': self.network.version}) + self.module.exit_json(**self.results) + + def execute(self): + """Execute the desired action according to map of actions & states.""" + states_map = { + 'present': self.make_present, + 'absent': self.make_absent, + } + process_action = states_map[self.state] + process_action() + self.module.fail_json(msg="Unexpected logic error happened, " + "please contact maintainers ASAP!") + + def make_present(self): + """Run actions if desired state is 'started'.""" + if not self.network.exists: + self.network.create() + self.results['actions'].append('created %s' % self.network.name) + self.update_network_result() + elif self.recreate or self.network.different: + self.network.recreate() + self.results['actions'].append('recreated %s' % + self.network.name) + self.update_network_result() + else: + self.update_network_result(changed=False) + + def make_absent(self): + """Run actions if desired state is 'absent'.""" + if not self.network.exists: + self.results.update({'changed': False}) + elif self.network.exists: + self.network.delete() + self.results['actions'].append('deleted %s' % self.network.name) + self.results.update({'changed': True}) + self.results.update({'network': {}, + 'podman_actions': self.network.actions}) + self.module.exit_json(**self.results) + + +def main(): + module = AnsibleModule( + argument_spec=dict( + state=dict(type='str', default="present", + choices=['present', 'absent']), + name=dict(type='str', required=True), + disable_dns=dict(type='bool', required=False), + driver=dict(type='str', required=False), + gateway=dict(type='str', required=False), + internal=dict(type='bool', required=False), + ip_range=dict(type='str', required=False), + ipv6=dict(type='bool', required=False), + subnet=dict(type='str', required=False), + macvlan=dict(type='str', required=False), + opt=dict(type='dict', required=False, + options=dict( + isolate=dict(type='bool', required=False), + mtu=dict(type='int', required=False), + metric=dict(type='int', required=False), + mode=dict(type='str', required=False), + parent=dict(type='str', required=False), + vlan=dict(type='int', required=False), + )), + executable=dict(type='str', required=False, default='podman'), + debug=dict(type='bool', default=False), + recreate=dict(type='bool', default=False), + ), + required_by=dict( # for IP range and GW to set 'subnet' is required + ip_range=('subnet'), + gateway=('subnet'), + )) + + PodmanNetworkManager(module).execute() + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_network_info.py b/ansible_collections/containers/podman/plugins/modules/podman_network_info.py new file mode 100644 index 000000000..a9e18cd4d --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_network_info.py @@ -0,0 +1,138 @@ +#!/usr/bin/python +# Copyright (c) 2020 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r""" +module: podman_network_info +author: + - "Sagi Shnaidman (@sshnaidm)" +version_added: '1.0.0' +short_description: Gather info about podman networks +notes: [] +description: + - Gather info about podman networks with podman inspect command. +requirements: + - "Podman installed on host" +options: + name: + description: + - Name of the network + type: str + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +""" + +EXAMPLES = r""" +- name: Gather info about all present networks + containers.podman.podman_network_info: + +- name: Gather info about specific network + containers.podman.podman_network_info: + name: podman +""" + +RETURN = r""" +networks: + description: Facts from all or specified networks + returned: always + type: list + sample: [ + { + "cniVersion": "0.4.0", + "name": "podman", + "plugins": [ + { + "bridge": "cni-podman0", + "ipMasq": true, + "ipam": { + "ranges": [ + [ + { + "gateway": "10.88.0.1", + "subnet": "10.88.0.0/16" + } + ] + ], + "routes": [ + { + "dst": "0.0.0.0/0" + } + ], + "type": "host-local" + }, + "isGateway": true, + "type": "bridge" + }, + { + "capabilities": { + "portMappings": true + }, + "type": "portmap" + }, + { + "backend": "iptables", + "type": "firewall" + } + ] + } + ] +""" + +import json +from ansible.module_utils.basic import AnsibleModule + + +def get_network_info(module, executable, name): + command = [executable, 'network', 'inspect'] + if not name: + all_names = [executable, 'network', 'ls', '-q'] + rc, out, err = module.run_command(all_names) + if rc != 0: + module.fail_json(msg="Unable to get list of networks: %s" % err) + name = out.split() + if not name: + return [], out, err + command += name + else: + command.append(name) + rc, out, err = module.run_command(command) + if rc != 0 or 'unable to find network configuration' in err: + module.fail_json(msg="Unable to gather info for %s: %s" % (name, err)) + if not out or json.loads(out) is None: + return [], out, err + return json.loads(out), out, err + + +def main(): + module = AnsibleModule( + argument_spec=dict( + executable=dict(type='str', default='podman'), + name=dict(type='str') + ), + supports_check_mode=True, + ) + + name = module.params['name'] + executable = module.get_bin_path(module.params['executable'], required=True) + + inspect_results, out, err = get_network_info(module, executable, name) + + results = { + "changed": False, + "networks": inspect_results, + "stderr": err + } + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_play.py b/ansible_collections/containers/podman/plugins/modules/podman_play.py new file mode 100644 index 000000000..04a30441b --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_play.py @@ -0,0 +1,311 @@ +#!/usr/bin/python +# Copyright (c) 2020 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +DOCUMENTATION = r''' +module: podman_play +author: + - "Sagi Shnaidman (@sshnaidm)" +short_description: Play kubernetes YAML file using podman +notes: [] +description: + - The module reads in a structured file of Kubernetes YAML. + It will then recreate the pod and containers described in the YAML. +requirements: + - "Podman installed on host" +options: + executable: + description: + - Name of executable to run, by default 'podman' + type: str + default: podman + kube_file: + description: + - Path to file with YAML configuration for a Pod. + type: path + required: True + authfile: + description: + - Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json, + which is set using podman login. If the authorization state is not found there, + $HOME/.docker/config.json is checked, which is set using docker login. + Note - You can also override the default path of the authentication file + by setting the REGISTRY_AUTH_FILE environment variable. export REGISTRY_AUTH_FILE=path + type: path + cert_dir: + description: + - Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. + Default certificates directory is /etc/containers/certs.d. + (This option is not available with the remote Podman client) + type: path + configmap: + description: + - Use Kubernetes configmap YAML at path to provide a source for environment + variable values within the containers of the pod. + Note - The configmap option can be used multiple times to pass multiple + Kubernetes configmap YAMLs + type: list + elements: path + seccomp_profile_root: + description: + - Directory path for seccomp profiles (default is "/var/lib/kubelet/seccomp"). + This option is not available with the remote Podman client + type: path + username: + description: + - The username and password to use to authenticate with the registry if required. + type: str + password: + description: + - The username and password to use to authenticate with the registry if required. + type: str + log_driver: + description: + - Set logging driver for all created containers. + type: str + log_level: + description: + - Set logging level for podman calls. Log messages above specified level + ("debug"|"info"|"warn"|"error"|"fatal"|"panic") (default "error") + type: str + choices: + - debug + - info + - warn + - error + - fatal + - panic + network: + description: + - List of the names of CNI networks the pod should join. + type: list + elements: str + state: + description: + - Start the pod after creating it, or to leave it created only. + type: str + choices: + - created + - started + - absent + required: True + tls_verify: + description: + - Require HTTPS and verify certificates when contacting registries (default is true). + If explicitly set to true, then TLS verification will be used. If set to false, + then TLS verification will not be used. If not specified, TLS verification will be + used unless the target registry is listed as an insecure registry in registries.conf. + type: bool + debug: + description: + - Enable debug for the module. + type: bool + recreate: + description: + - If pod already exists, delete it and run the new one. + type: bool + quiet: + description: + - Hide image pulls logs from output. + type: bool + userns: + description: + - Set the user namespace mode for all the containers in a pod. + It defaults to the PODMAN_USERNS environment variable. + An empty value ("") means user namespaces are disabled. + required: false + type: str +''' + +EXAMPLES = ''' +- name: Play kube file + containers.podman.podman_play: + kube_file: ~/kube.yaml + state: started + +''' +import re # noqa: F402 +try: + import yaml + HAS_YAML = True +except ImportError: + HAS_YAML = False + +from ansible.module_utils.basic import AnsibleModule # noqa: F402 + + +class PodmanKubeManagement: + + def __init__(self, module, executable): + self.module = module + self.actions = [] + self.executable = executable + self.command = [self.executable, 'play', 'kube'] + creds = [] + # pod_name = extract_pod_name(module.params['kube_file']) + if self.module.params['username']: + creds += [self.module.params['username']] + if self.module.params['password']: + creds += [self.module.params['password']] + creds = ":".join(creds) + self.command.extend(['--creds=%s' % creds]) + if self.module.params['network']: + networks = ",".join(self.module.params['network']) + self.command.extend(['--network=%s' % networks]) + if self.module.params['configmap']: + configmaps = ",".join(self.module.params['configmap']) + self.command.extend(['--configmap=%s' % configmaps]) + start = self.module.params['state'] == 'started' + self.command.extend(['--start=%s' % str(start).lower()]) + for arg, param in { + '--authfile': 'authfile', + '--cert-dir': 'cert_dir', + '--log-driver': 'log_driver', + '--seccomp-profile-root': 'seccomp_profile_root', + '--tls-verify': 'tls_verify', + '--log-level': 'log_level', + '--userns': 'userns', + '--quiet': 'quiet', + }.items(): + if self.module.params[param] is not None: + self.command += ["%s=%s" % (arg, self.module.params[param])] + self.command += [self.module.params['kube_file']] + + def _command_run(self, cmd): + rc, out, err = self.module.run_command(cmd) + self.actions.append(" ".join(cmd)) + if self.module.params['debug']: + self.module.log('PODMAN-PLAY-KUBE command: %s' % " ".join(cmd)) + self.module.log('PODMAN-PLAY-KUBE stdout: %s' % out) + self.module.log('PODMAN-PLAY-KUBE stderr: %s' % err) + self.module.log('PODMAN-PLAY-KUBE rc: %s' % rc) + return rc, out, err + + def discover_pods(self): + pod_name = '' + if self.module.params['kube_file']: + if HAS_YAML: + with open(self.module.params['kube_file']) as f: + pod = yaml.safe_load(f) + if 'metadata' in pod: + pod_name = pod['metadata'].get('name') + else: + self.module.fail_json( + "No metadata in Kube file!\n%s" % pod) + else: + with open(self.module.params['kube_file']) as text: + # the following formats are matched for a kube name: + # should match name field within metadata (2 or 4 spaces in front of name) + # the name can be written without quotes, in single or double quotes + # the name can contain -_ + re_pod_name = re.compile(r'^\s{2,4}name: ["|\']?(?P[\w|\-|\_]+)["|\']?', re.MULTILINE) + re_pod = re_pod_name.search(text.read()) + if re_pod: + pod_name = re_pod.group(1) + if not pod_name: + self.module.fail_json("Deployment doesn't have a name!") + # Find all pods + all_pods = '' + # In case of one pod or replicasets + for name in ("name=%s$", "name=%s-pod-*"): + cmd = [self.executable, + "pod", "ps", "-q", "--filter", name % pod_name] + rc, out, err = self._command_run(cmd) + all_pods += out + ids = list(set([i for i in all_pods.splitlines() if i])) + return ids + + def remove_associated_pods(self, pods): + changed = False + out_all, err_all = '', '' + # Delete all pods + for pod_id in pods: + rc, out, err = self._command_run( + [self.executable, "pod", "rm", "-f", pod_id]) + if rc != 0: + self.module.fail_json("Can NOT delete Pod %s" % pod_id) + else: + changed = True + out_all += out + err_all += err + return changed, out_all, err_all + + def pod_recreate(self): + pods = self.discover_pods() + self.remove_associated_pods(pods) + # Create a pod + rc, out, err = self._command_run(self.command) + if rc != 0: + self.module.fail_json("Can NOT create Pod! Error: %s" % err) + return out, err + + def play(self): + rc, out, err = self._command_run(self.command) + if rc != 0 and 'pod already exists' in err: + if self.module.params['recreate']: + out, err = self.pod_recreate() + changed = True + else: + changed = False + err = "\n".join([ + i for i in err.splitlines() if 'pod already exists' not in i]) + elif rc != 0: + self.module.fail_json(msg="Output: %s\nError=%s" % (out, err)) + else: + changed = True + return changed, out, err + + +def main(): + module = AnsibleModule( + argument_spec=dict( + executable=dict(type='str', default='podman'), + kube_file=dict(type='path', required=True), + authfile=dict(type='path'), + cert_dir=dict(type='path'), + configmap=dict(type='list', elements='path'), + seccomp_profile_root=dict(type='path'), + username=dict(type='str'), + password=dict(type='str', no_log=True), + log_driver=dict(type='str'), + network=dict(type='list', elements='str'), + state=dict( + type='str', + choices=['started', 'created', 'absent'], + required=True), + tls_verify=dict(type='bool'), + debug=dict(type='bool'), + quiet=dict(type='bool'), + recreate=dict(type='bool'), + userns=dict(type='str'), + log_level=dict( + type='str', + choices=["debug", "info", "warn", "error", "fatal", "panic"]), + ), + supports_check_mode=True, + ) + + executable = module.get_bin_path( + module.params['executable'], required=True) + manage = PodmanKubeManagement(module, executable) + if module.params['state'] == 'absent': + pods = manage.discover_pods() + changed, out, err = manage.remove_associated_pods(pods) + else: + changed, out, err = manage.play() + results = { + "changed": changed, + "stdout": out, + "stderr": err, + "actions": manage.actions + } + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_pod.py b/ansible_collections/containers/podman/plugins/modules/podman_pod.py new file mode 100644 index 000000000..ab475de99 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_pod.py @@ -0,0 +1,415 @@ +#!/usr/bin/python +# Copyright (c) 2020 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +# flake8: noqa: E501 +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: podman_pod +short_description: Manage Podman pods +author: + - "Sagi Shnaidman (@sshnaidm)" +version_added: '1.0.0' +description: + - Manage podman pods. +options: + state: + description: + - This variable is set for state + type: str + default: created + choices: + - created + - killed + - restarted + - absent + - started + - stopped + - paused + - unpaused + recreate: + description: + - Use with present and started states to force the re-creation of an + existing pod. + type: bool + default: False + add_host: + description: + - Add a host to the /etc/hosts file shared between all containers in the pod. + type: list + elements: str + required: false + cgroup_parent: + description: + - Path to cgroups under which the cgroup for the pod will be created. If the path + is not absolute, he path is considered to be relative to the cgroups path of the + init process. Cgroups will be created if they do not already exist. + type: str + required: false + cpus: + description: + - Set the total number of CPUs delegated to the pod. + Default is 0.000 which indicates that there is no limit on computation power. + required: false + type: str + cpuset_cpus: + description: + - Limit the CPUs to support execution. First CPU is numbered 0. + Unlike `cpus` this is of type string and parsed as a list of numbers. Format is 0-3,0,1 + required: false + type: str + device: + description: + - Add a host device to the pod. Optional permissions parameter can be used to specify + device permissions. It is a combination of r for read, w for write, and m for mknod(2) + elements: str + required: false + type: list + device_read_bps: + description: + - Limit read rate (bytes per second) from a device (e.g. device-read-bps=/dev/sda:1mb) + elements: str + required: false + type: list + dns: + description: + - Set custom DNS servers in the /etc/resolv.conf file that will be shared between + all containers in the pod. A special option, "none" is allowed which disables + creation of /etc/resolv.conf for the pod. + type: list + elements: str + required: false + dns_opt: + description: + - Set custom DNS options in the /etc/resolv.conf file that will be shared between + all containers in the pod. + type: list + elements: str + required: false + dns_search: + description: + - Set custom DNS search domains in the /etc/resolv.conf file that will be shared + between all containers in the pod. + type: list + elements: str + required: false + generate_systemd: + description: + - Generate systemd unit file for container. + type: dict + default: {} + suboptions: + path: + description: + - Specify a path to the directory where unit files will be generated. + Required for this option. If it doesn't exist, the directory will be created. + type: str + required: false + restart_policy: + description: + - Specify a restart policy for the service. The restart-policy must be one of + "no", "on-success", "on-failure", "on-abnormal", "on-watchdog", "on-abort", or "always". + The default policy is "on-failure". + type: str + required: false + choices: + - 'no' + - 'on-success' + - 'on-failure' + - 'on-abnormal' + - 'on-watchdog' + - 'on-abort' + - 'always' + time: + description: + - Override the default stop timeout for the container with the given value. + type: int + required: false + no_header: + description: + - Do not generate the header including meta data such as the Podman version and the timestamp. + From podman version 3.1.0. + type: bool + default: false + names: + description: + - Use names of the containers for the start, stop, and description in the unit file. + Default is true. + type: bool + default: true + container_prefix: + description: + - Set the systemd unit name prefix for containers. The default is "container". + type: str + required: false + pod_prefix: + description: + - Set the systemd unit name prefix for pods. The default is "pod". + type: str + required: false + separator: + description: + - Set the systemd unit name separator between the name/id of a + container/pod and the prefix. The default is "-" (dash). + type: str + required: false + new: + description: + - Create containers and pods when the unit is started instead of + expecting them to exist. The default is "false". + Refer to podman-generate-systemd(1) for more information. + type: bool + default: false + after: + type: list + elements: str + required: false + description: + - Add the systemd unit after (After=) option, that ordering dependencies between the list of dependencies and this service. + wants: + type: list + elements: str + required: false + description: + - Add the systemd unit wants (Wants=) option, that this service is (weak) dependent on. + requires: + type: list + elements: str + required: false + description: + - Set the systemd unit requires (Requires=) option. Similar to wants, but declares a stronger requirement dependency. + gidmap: + description: + - GID map for the user namespace. Using this flag will run the container with + user namespace enabled. It conflicts with the `userns` and `subgidname` flags. + elements: str + required: false + type: list + hostname: + description: + - Set a hostname to the pod + type: str + required: false + infra: + description: + - Create an infra container and associate it with the pod. An infra container is + a lightweight container used to coordinate the shared kernel namespace of a pod. + Default is true. + type: bool + required: false + infra_conmon_pidfile: + description: + - Write the pid of the infra container's conmon process to a file. As conmon runs + in a separate process than Podman, this is necessary when using systemd to manage + Podman containers and pods. + type: str + required: false + infra_command: + description: + - The command that will be run to start the infra container. Default is "/pause". + type: str + required: false + infra_image: + description: + - The image that will be created for the infra container. Default is "k8s.gcr.io/pause:3.1". + type: str + required: false + infra_name: + description: + - The name that will be used for the pod's infra container. + type: str + required: false + ip: + description: + - Set a static IP for the pod's shared network. + type: str + required: false + label: + description: + - Add metadata to a pod, pass dictionary of label keys and values. + type: dict + required: false + label_file: + description: + - Read in a line delimited file of labels. + type: str + required: false + mac_address: + description: + - Set a static MAC address for the pod's shared network. + type: str + required: false + name: + description: + - Assign a name to the pod. + type: str + required: true + network: + description: + - Set network mode for the pod. Supported values are bridge (the default), host + (do not create a network namespace, all containers in the pod will use the host's + network), or a list of names of CNI networks to join. + type: list + elements: str + required: false + network_alias: + description: + - Add a network-scoped alias for the pod, setting the alias for all networks that the pod joins. + To set a name only for a specific network, use the alias option as described under the -`network` option. + Network aliases work only with the bridge networking mode. + This option can be specified multiple times. + elements: str + required: false + type: list + aliases: + - network_aliases + no_hosts: + description: + - Disable creation of /etc/hosts for the pod. + type: bool + required: false + pid: + description: + - Set the PID mode for the pod. The default is to create a private PID namespace + for the pod. Requires the PID namespace to be shared via `share` option. + required: false + type: str + pod_id_file: + description: + - Write the pod ID to the file. + type: str + required: false + publish: + description: + - Publish a port or range of ports from the pod to the host. + type: list + elements: str + required: false + aliases: + - ports + share: + description: + - A comma delimited list of kernel namespaces to share. If none or "" is specified, + no namespaces will be shared. The namespaces to choose from are ipc, net, pid, + user, uts. + type: str + required: false + subgidname: + description: + - Name for GID map from the /etc/subgid file. Using this flag will run the container + with user namespace enabled. This flag conflicts with `userns` and `gidmap`. + required: false + type: str + subuidname: + description: + - Name for UID map from the /etc/subuid file. + Using this flag will run the container with user namespace enabled. + This flag conflicts with `userns` and `uidmap`. + required: false + type: str + uidmap: + description: + - Run the container in a new user namespace using the supplied mapping. + This option conflicts with the `userns` and `subuidname` options. + This option provides a way to map host UIDs to container UIDs. + It can be passed several times to map different ranges. + elements: str + required: false + type: list + userns: + description: + - Set the user namespace mode for all the containers in a pod. + It defaults to the PODMAN_USERNS environment variable. + An empty value ("") means user namespaces are disabled. + required: false + type: str + volume: + description: + - Create a bind mount. + aliases: + - volumes + elements: str + required: false + type: list + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str + debug: + description: + - Return additional information which can be helpful for investigations. + type: bool + default: False + +requirements: + - "podman" + +''' + +RETURN = ''' +pod: + description: Pod inspection results for the given pod + built. + returned: always + type: dict + sample: + Config: + cgroupParent: /libpod_parent + created: '2020-06-14T15:16:12.230818767+03:00' + hostname: newpod + id: a5a5c6cdf8c72272fc5c33f787e8d7501e2fa0c1e92b2b602860defdafeeec58 + infraConfig: + infraPortBindings: null + makeInfraContainer: true + labels: {} + lockID: 515 + name: newpod + sharesCgroup: true + sharesIpc: true + sharesNet: true + sharesUts: true + Containers: + - id: dc70a947c7ae15198ec38b3c817587584085dee3919cbeb9969e3ab77ba10fd2 + state: configured + State: + cgroupPath: /libpod_parent/a5a5c6cdf8c72272fc5c33f787e8d7501e2fa0c1e92b2b602860defdafeeec58 + infraContainerID: dc70a947c7ae15198ec38b3c817587584085dee3919cbeb9969e3ab77ba10fd2 + status: Created + +''' + +EXAMPLES = ''' +# What modules does for example +- podman_pod: + name: pod1 + state: started + ports: + - "4444:5555" + +# Connect random port from localhost to port 80 on pod2 +- name: Connect random port from localhost to port 80 on pod2 + containers.podman.podman_pod: + name: pod2 + state: started + publish: "127.0.0.1::80" +''' +from ansible.module_utils.basic import AnsibleModule # noqa: F402 +from ..module_utils.podman.podman_pod_lib import PodmanPodManager # noqa: F402 +from ..module_utils.podman.podman_pod_lib import ARGUMENTS_SPEC_POD # noqa: F402 + + +def main(): + module = AnsibleModule( + argument_spec=ARGUMENTS_SPEC_POD + ) + results = PodmanPodManager(module, module.params).execute() + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_pod_info.py b/ansible_collections/containers/podman/plugins/modules/podman_pod_info.py new file mode 100644 index 000000000..8b2a4bf06 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_pod_info.py @@ -0,0 +1,145 @@ +#!/usr/bin/python +# Copyright (c) 2020 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r""" +module: podman_pod_info +author: + - "Sagi Shnaidman (@sshnaidm)" +version_added: '1.0.0' +short_description: Gather info about podman pods +notes: [] +description: + - Gather info about podman pods with podman inspect command. +requirements: + - "Podman installed on host" +options: + name: + description: + - Name of the pod + type: str + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +""" + +EXAMPLES = r""" +- name: Gather info about all present pods + containers.podman.podman_pod_info: + +- name: Gather info about specific pods + containers.podman.podman_pod_info: + name: special_pod +""" + +RETURN = r""" +pods: + description: Facts from all or specified pods + returned: always + type: list + sample: [ + { + "Config": { + "id": "d9cb6dbb0....", + "name": "pod1", + "hostname": "pod1host", + "labels": { + }, + "cgroupParent": "/libpod_parent", + "sharesCgroup": true, + "sharesIpc": true, + "sharesNet": true, + "sharesUts": true, + "infraConfig": { + "makeInfraContainer": true, + "infraPortBindings": [ + { + "hostPort": 7777, + "containerPort": 7111, + "protocol": "tcp", + "hostIP": "" + } + ] + }, + "created": "2020-07-13T20:29:12.572282186+03:00", + "lockID": 682 + }, + "State": { + "cgroupPath": "/libpod_parent/d9cb6dbb0....", + "infraContainerID": "ad46737bf....", + "status": "Created" + }, + "Containers": [ + { + "id": "ad46737bf....", + "state": "configured" + } + ] + } + ] +""" + +import json +from ansible.module_utils.basic import AnsibleModule + + +def get_pod_info(module, executable, name): + command = [executable, 'pod', 'inspect'] + pods = [name] + result = [] + errs = [] + rcs = [] + if not name: + all_names = [executable, 'pod', 'ls', '-q'] + rc, out, err = module.run_command(all_names) + if rc != 0: + module.fail_json(msg="Unable to get list of pods: %s" % err) + name = out.split() + if not name: + return [], [err], [rc] + pods = name + for pod in pods: + rc, out, err = module.run_command(command + [pod]) + errs.append(err.strip()) + rcs += [rc] + if not out or json.loads(out) is None or not json.loads(out): + continue + result.append(json.loads(out)) + return result, errs, rcs + + +def main(): + module = AnsibleModule( + argument_spec=dict( + executable=dict(type='str', default='podman'), + name=dict(type='str') + ), + supports_check_mode=True, + ) + + name = module.params['name'] + executable = module.get_bin_path(module.params['executable'], required=True) + + inspect_results, errs, rcs = get_pod_info(module, executable, name) + + if len(rcs) > 1 and 0 not in rcs: + module.fail_json(msg="Failed to inspect pods", stderr="\n".join(errs)) + + results = { + "changed": False, + "pods": inspect_results, + "stderr": "\n".join(errs), + } + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_prune.py b/ansible_collections/containers/podman/plugins/modules/podman_prune.py new file mode 100644 index 000000000..ee4c68a93 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_prune.py @@ -0,0 +1,252 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# Copyright (c) 2023, Roberto Alfieri + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = r''' +module: podman_prune +author: + - 'Roberto Alfieri (@rebtoor)' +version_added: '1.10.0' +short_description: Allows to prune various podman objects +notes: [] +description: + - Allows to run C(podman container prune), C(podman image prune), C(podman network prune), + C(podman volume prune) and C(podman system prune) +requirements: + - 'Podman installed on host' +options: + executable: + description: + - Podman binary. + type: str + default: podman + container: + description: + - Whether to prune containers. + type: bool + default: false + container_filters: + description: + - A dictionary of filter values used for selecting containers to delete. + - 'For example, C(until: 24h).' + - See L(the podman documentation, + https://docs.podman.io/en/latest/markdown/podman-container-prune.1.html#filter-filters) + for more information on possible filters. + type: dict + image: + description: + - Whether to prune images. + type: bool + default: false + image_filters: + description: + - A dictionary of filter values used for selecting images to delete. + - 'You can also use C(dangling_only: false) to delete dangling and non-dangling images or C(external: true) + to delete images even when they are used by external containers.' + - See L(the podman documentation, + https://docs.podman.io/en/latest/markdown/podman-image-prune.1.html#filter-filters) + for more information on possible filters. + type: dict + network: + description: + - Whether to prune networks. + type: bool + default: false + network_filters: + description: + - A dictionary of filter values used for selecting networks to delete. + - See L(the podman documentation, + https://docs.podman.io/en/latest/markdown/podman-network-prune.1.html#filter) + for more information on possible filters. + type: dict + system: + description: + - Wheter to prune unused pods, containers, image, networks and volume data + type: bool + default: false + system_all: + description: + - Wheter to prune all unused images, not only dangling images. + type: bool + default: false + system_volumes: + description: + - Wheter to prune volumes currently unused by any container. + type: bool + default: false + volume: + description: + - Whether to prune volumes. + type: bool + default: false + volume_filters: + description: + - A dictionary of filter values used for selecting volumes to delete. + - See L(the podman documentation, + https://docs.podman.io/en/latest/markdown/podman-volume-prune.1.html#filter) + for more information on possible filters. + type: dict +''' + +EXAMPLES = r''' +- name: Prune containers older than 24h + containers.podman.podman_prune: + containers: true + containers_filters: + # only consider containers created more than 24 hours ago + until: 24h + +- name: Prune everything + containers.podman.podman_prune: + system: true + +- name: Prune everything (including non-dangling images) + containers.podman.podman_prune: + system: true + system_all: true + system_volumes: true +''' + +RETURN = r''' +# containers +containers: + description: + - List of IDs of deleted containers. + returned: I(containers) is C(true) + type: list + elements: str + sample: [] + +# images +images: + description: + - List of IDs of deleted images. + returned: I(images) is C(true) + type: list + elements: str + sample: [] + +# networks +networks: + description: + - List of IDs of deleted networks. + returned: I(networks) is C(true) + type: list + elements: str + sample: [] + +# volumes +volumes: + description: + - List of IDs of deleted volumes. + returned: I(volumes) is C(true) + type: list + elements: str + sample: [] + +# system +system: + description: + - List of ID of deleted containers, volumes, images, network and total reclaimed space + returned: I(system) is C(true) + type: list + elements: str + sample: [] +''' + + +from ansible.module_utils.basic import AnsibleModule + + +def filtersPrepare(target, filters): + filter_out = [] + if target == 'system': + for system_filter in filters: + filter_out.append(filters[system_filter]) + else: + for common_filter in filters: + if isinstance(filters[common_filter], dict): + dict_filters = filters[common_filter] + for single_filter in dict_filters: + filter_out.append('--filter={label}={key}={value}'.format(label=common_filter, key=single_filter, + value=dict_filters[single_filter])) + else: + if target == 'image' and (common_filter in ('dangling_only', 'external')): + if common_filter == 'dangling_only' and not filters['dangling_only']: + filter_out.append('-a') + if common_filter == 'external' and filters['external']: + filter_out.append('--external') + else: + filter_out.append('--filter={label}={value}'.format(label=common_filter, + value=filters[common_filter])) + + return filter_out + + +def podmanExec(module, target, filters, executable): + command = [executable, target, 'prune', '--force'] + if filters is not None: + command.extend(filtersPrepare(target, filters)) + rc, out, err = module.run_command(command) + changed = bool(out) + + if rc != 0: + module.fail_json( + msg='Error executing prune on {target}: {err}'.format(target=target, err=err)) + + return { + "changed": changed, + target: list(filter(None, out.split('\n'))), + "errors": err + } + + +def main(): + results = dict() + module_args = dict( + container=dict(type='bool', default=False), + container_filters=dict(type='dict'), + image=dict(type='bool', default=False), + image_filters=dict(type='dict'), + network=dict(type='bool', default=False), + network_filters=dict(type='dict'), + volume=dict(type='bool', default=False), + volume_filters=dict(type='dict'), + system=dict(type='bool', default=False), + system_all=dict(type='bool', default=False), + system_volumes=dict(type='bool', default=False), + executable=dict(type='str', default='podman') + ) + + module = AnsibleModule( + argument_spec=module_args + ) + + executable = module.get_bin_path( + module.params['executable'], required=True) + + for target, filters in ( + ('container', 'container_filters'), ('image', 'image_filters'), ('network', 'network_filters'), + ('volume', 'volume_filters')): + if module.params[target]: + results[target] = podmanExec(module, target, module.params[filters], executable) + + if module.params['system']: + target = 'system' + system_filters = {} + if module.params['system_all']: + system_filters['system_all'] = '--all' + if module.params['system_volumes']: + system_filters['system_volumes'] = '--volumes' + results[target] = podmanExec(module, target, system_filters, executable) + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_save.py b/ansible_collections/containers/podman/plugins/modules/podman_save.py new file mode 100644 index 000000000..bc7ce252c --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_save.py @@ -0,0 +1,145 @@ +#!/usr/bin/python +# coding: utf-8 -*- + +# Copyright (c) 2020, Sagi Shnaidman +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r''' +module: podman_save +short_description: Saves podman image to tar file +author: Sagi Shnaidman (@sshnaidm) +description: + - podman save saves an image to either docker-archive, oci-archive, oci-dir + (directory with oci manifest type), or docker-dir (directory with v2s2 manifest type) + on the local machine, default is docker-archive. + +options: + image: + description: + - Image to save. + type: str + required: true + compress: + description: + - Compress tarball image layers when pushing to a directory using the 'dir' transport. + (default is same compression type, compressed or uncompressed, as source) + type: bool + dest: + description: + - Destination file to write image to. + type: str + required: true + aliases: + - path + format: + description: + - Save image to docker-archive, oci-archive (see containers-transports(5)), oci-dir + (oci transport), or docker-dir (dir transport with v2s2 manifest type). + type: str + choices: + - docker-archive + - oci-archive + - oci-dir + - docker-dir + multi_image_archive: + description: + - Allow for creating archives with more than one image. Additional names will be + interpreted as images instead of tags. Only supported for docker-archive. + type: bool + force: + description: + - Force saving to file even if it exists. + type: bool + default: True + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +requirements: + - "Podman installed on host" +''' + +RETURN = ''' +''' + +EXAMPLES = ''' +# What modules does for example +- containers.podman.podman_save: + dest: /path/to/tar/file + compress: true + format: oci-dir +''' + +import os # noqa: E402 +from ansible.module_utils.basic import AnsibleModule # noqa: E402 +from ..module_utils.podman.common import remove_file_or_dir # noqa: E402 + + +def save(module, executable): + changed = False + command = [executable, 'save'] + cmd_args = { + 'compress': ['--compress'], + 'dest': ['-o=%s' % module.params['dest']], + 'format': ['--format=%s' % module.params['format']], + 'multi_image_archive': ['--multi-image-archive'], + } + for param in module.params: + if module.params[param] is not None and param in cmd_args: + command += cmd_args[param] + command.append(module.params['image']) + if module.params['force']: + dest = module.params['dest'] + if os.path.exists(dest): + changed = True + if module.check_mode: + return changed, '', '' + try: + remove_file_or_dir(dest) + except Exception as e: + module.fail_json(msg="Error deleting %s path: %s" % (dest, e)) + else: + changed = not os.path.exists(module.params['dest']) + if module.check_mode: + return changed, '', '' + rc, out, err = module.run_command(command) + if rc != 0: + module.fail_json(msg="Error: %s" % (err)) + return changed, out, err + + +def main(): + module = AnsibleModule( + argument_spec=dict( + image=dict(type='str', required=True), + compress=dict(type='bool'), + dest=dict(type='str', required=True, aliases=['path']), + format=dict(type='str', choices=['docker-archive', 'oci-archive', 'oci-dir', 'docker-dir']), + multi_image_archive=dict(type='bool'), + force=dict(type='bool', default=True), + executable=dict(type='str', default='podman') + ), + supports_check_mode=True, + ) + if module.params['compress'] and module.params['format'] not in ['oci-dir', 'docker-dir']: + module.fail_json(msg="Compression is only supported for oci-dir and docker-dir format") + + executable = module.get_bin_path(module.params['executable'], required=True) + changed, out, err = save(module, executable) + + results = { + "changed": changed, + "stdout": out, + "stderr": err, + } + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_secret.py b/ansible_collections/containers/podman/plugins/modules/podman_secret.py new file mode 100644 index 000000000..fc8ec1f1d --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_secret.py @@ -0,0 +1,178 @@ +#!/usr/bin/python +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +--- +module: podman_secret +author: + - "Aliaksandr Mianzhynski (@amenzhinsky)" +version_added: '1.7.0' +short_description: Manage podman secrets +notes: [] +description: + - Manage podman secrets +requirements: + - podman +options: + data: + description: + - The value of the secret. Required when C(state) is C(present). + type: str + driver: + description: + - Override default secrets driver, currently podman uses C(file) + which is unencrypted. + type: str + driver_opts: + description: + - Driver-specific key-value options. + type: dict + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + type: str + default: 'podman' + force: + description: + - Use it when C(state) is C(present) to remove and recreate an existing secret. + type: bool + default: false + skip_existing: + description: + - Use it when C(state) is C(present) and secret with the same name already exists. + If set to C(true), the secret will NOT be recreated and remains as is. + type: bool + default: false + name: + description: + - The name of the secret. + required: True + type: str + state: + description: + - Whether to create or remove the named secret. + type: str + default: present + choices: + - absent + - present +''' + +EXAMPLES = r""" +- name: Create secret + containers.podman.podman_secret: + state: present + name: mysecret + data: "my super secret content" + +- name: Create container that uses the secret + containers.podman.podman_container: + name: showmysecret + image: docker.io/alpine:3.14 + secrets: + - mysecret + detach: false + command: cat /run/secrets/mysecret + register: container + +- name: Output secret data + debug: + msg: '{{ container.stdout }}' + +- name: Remove secret + containers.podman.podman_secret: + state: absent + name: mysecret + """ + +from ansible.module_utils.basic import AnsibleModule + + +def podman_secret_create(module, executable, name, data, force, skip, + driver, driver_opts): + if force: + module.run_command([executable, 'secret', 'rm', name]) + if skip: + rc, out, err = module.run_command( + [executable, 'secret', 'ls', "--format", "{{.Name}}"]) + if name in [i.strip() for i in out.splitlines()]: + return { + "changed": False, + } + + cmd = [executable, 'secret', 'create'] + if driver: + cmd.append('--driver') + cmd.append(driver) + if driver_opts: + cmd.append('--driver-opts') + cmd.append(",".join("=".join(i) for i in driver_opts.items())) + cmd.append(name) + cmd.append('-') + + rc, out, err = module.run_command(cmd, data=data, binary_data=True) + if rc != 0: + module.fail_json(msg="Unable to create secret: %s" % err) + + return { + "changed": True, + } + + +def podman_secret_remove(module, executable, name): + changed = False + rc, out, err = module.run_command([executable, 'secret', 'rm', name]) + if rc == 0: + changed = True + elif 'no such secret' in err: + pass + else: + module.fail_json(msg="Unable to remove secret: %s" % err) + + return { + "changed": changed, + } + + +def main(): + module = AnsibleModule( + argument_spec=dict( + executable=dict(type='str', default='podman'), + state=dict(type='str', default='present', choices=['absent', 'present']), + name=dict(type='str', required=True), + data=dict(type='str', no_log=True), + force=dict(type='bool', default=False), + skip_existing=dict(type='bool', default=False), + driver=dict(type='str'), + driver_opts=dict(type='dict'), + ), + ) + + state = module.params['state'] + name = module.params['name'] + executable = module.get_bin_path(module.params['executable'], required=True) + + if state == 'present': + data = module.params['data'] + if data is None: + raise Exception("'data' is required when 'state' is 'present'") + force = module.params['force'] + skip = module.params['skip_existing'] + driver = module.params['driver'] + driver_opts = module.params['driver_opts'] + results = podman_secret_create(module, executable, + name, data, force, skip, + driver, driver_opts) + else: + results = podman_secret_remove(module, executable, name) + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_tag.py b/ansible_collections/containers/podman/plugins/modules/podman_tag.py new file mode 100644 index 000000000..39e799f6f --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_tag.py @@ -0,0 +1,91 @@ +#!/usr/bin/python +# coding: utf-8 -*- + +# Copyright (c) 2021, Christian Bourque <@ocafebabe> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r''' +module: podman_tag +short_description: Add an additional name to a local image +author: Christian Bourque (@ocafebabe) +description: + - podman tag adds one or more additional names to locally-stored image. +options: + image: + description: + - Image to tag. + type: str + required: true + target_names: + description: + - Additional names. + type: list + elements: str + required: true + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +requirements: + - "Podman installed on host" +''' + +RETURN = ''' +''' + +EXAMPLES = ''' +# What modules does for example +- containers.podman.podman_tag: + image: docker.io/continuumio/miniconda3 + target_names: + - miniconda3 + - miniconda +''' + +from ansible.module_utils.basic import AnsibleModule # noqa: E402 + + +def tag(module, executable): + changed = False + command = [executable, 'tag'] + command.append(module.params['image']) + command.extend(module.params['target_names']) + if module.check_mode: + return changed, '', '' + rc, out, err = module.run_command(command) + if rc == 0: + changed = True + else: + module.fail_json(msg="Error tagging local image %s: %s" % ( + module.params['image'], err)) + return changed, out, err + + +def main(): + module = AnsibleModule( + argument_spec=dict( + image=dict(type='str', required=True), + target_names=dict(type='list', elements='str', required=True), + executable=dict(type='str', default='podman') + ), + supports_check_mode=True, + ) + + executable = module.get_bin_path(module.params['executable'], required=True) + changed, out, err = tag(module, executable) + + results = { + "changed": changed, + "stdout": out, + "stderr": err, + } + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_volume.py b/ansible_collections/containers/podman/plugins/modules/podman_volume.py new file mode 100644 index 000000000..c533091e1 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_volume.py @@ -0,0 +1,484 @@ +#!/usr/bin/python +# Copyright (c) 2020 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +# flake8: noqa: E501 +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: podman_volume +short_description: Manage Podman volumes +author: + - "Sagi Shnaidman (@sshnaidm)" +version_added: '1.1.0' +description: + - Manage Podman volumes +options: + state: + description: + - State of volume, default 'present' + type: str + default: present + choices: + - present + - absent + recreate: + description: + - Recreate volume even if exists. + type: bool + default: false + name: + description: + - Name of volume. + type: str + required: true + label: + description: + - Add metadata to a pod volume (e.g., label com.example.key=value). + type: dict + required: false + driver: + description: + - Specify volume driver name (default local). + type: str + required: false + options: + description: + - Set driver specific options. For example 'device=tpmfs', 'type=tmpfs'. + UID and GID idempotency is not supported due to changes in podman. + type: list + elements: str + required: false + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str + debug: + description: + - Return additional information which can be helpful for investigations. + type: bool + default: False + +requirements: + - "podman" + +''' + +RETURN = ''' +volume: + description: Volume inspection results if exists. + returned: always + type: dict + sample: + CreatedAt: '2020-06-05T16:38:55.277628769+03:00' + Driver: local + Labels: + key.com: value + key.org: value2 + Mountpoint: /home/user/.local/share/containers/storage/volumes/test/_data + Name: test + Options: {} + Scope: local + +''' + +EXAMPLES = ''' +# What modules does for example +- podman_volume: + state: present + name: volume1 + label: + key: value + key2: value2 + options: + - "device=/dev/loop1" + - "type=ext4" +''' +# noqa: F402 +import json # noqa: F402 + +from ansible.module_utils.basic import AnsibleModule # noqa: F402 +from ansible.module_utils._text import to_bytes, to_native # noqa: F402 +from ansible_collections.containers.podman.plugins.module_utils.podman.common import LooseVersion +from ansible_collections.containers.podman.plugins.module_utils.podman.common import lower_keys + + +class PodmanVolumeModuleParams: + """Creates list of arguments for podman CLI command. + + Arguments: + action {str} -- action type from 'create', 'delete' + params {dict} -- dictionary of module parameters + + """ + + def __init__(self, action, params, podman_version, module): + self.params = params + self.action = action + self.podman_version = podman_version + self.module = module + + def construct_command_from_params(self): + """Create a podman command from given module parameters. + + Returns: + list -- list of byte strings for Popen command + """ + if self.action in ['delete']: + return self._simple_action() + if self.action in ['create']: + return self._create_action() + + def _simple_action(self): + if self.action == 'delete': + cmd = ['rm', '-f', self.params['name']] + return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] + + def _create_action(self): + cmd = [self.action, self.params['name']] + all_param_methods = [func for func in dir(self) + if callable(getattr(self, func)) + and func.startswith("addparam")] + params_set = (i for i in self.params if self.params[i] is not None) + for param in params_set: + func_name = "_".join(["addparam", param]) + if func_name in all_param_methods: + cmd = getattr(self, func_name)(cmd) + return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] + + def check_version(self, param, minv=None, maxv=None): + if minv and LooseVersion(minv) > LooseVersion( + self.podman_version): + self.module.fail_json(msg="Parameter %s is supported from podman " + "version %s only! Current version is %s" % ( + param, minv, self.podman_version)) + if maxv and LooseVersion(maxv) < LooseVersion( + self.podman_version): + self.module.fail_json(msg="Parameter %s is supported till podman " + "version %s only! Current version is %s" % ( + param, minv, self.podman_version)) + + def addparam_label(self, c): + for label in self.params['label'].items(): + c += ['--label', b'='.join( + [to_bytes(l, errors='surrogate_or_strict') for l in label])] + return c + + def addparam_driver(self, c): + return c + ['--driver', self.params['driver']] + + def addparam_options(self, c): + for opt in self.params['options']: + c += ['--opt', opt] + return c + + +class PodmanVolumeDefaults: + def __init__(self, module, podman_version): + self.module = module + self.version = podman_version + self.defaults = { + 'driver': 'local', + 'label': {}, + 'options': {} + } + + def default_dict(self): + # make here any changes to self.defaults related to podman version + return self.defaults + + +class PodmanVolumeDiff: + def __init__(self, module, info, podman_version): + self.module = module + self.version = podman_version + self.default_dict = None + self.info = lower_keys(info) + self.params = self.defaultize() + self.diff = {'before': {}, 'after': {}} + self.non_idempotent = {} + + def defaultize(self): + params_with_defaults = {} + self.default_dict = PodmanVolumeDefaults( + self.module, self.version).default_dict() + for p in self.module.params: + if self.module.params[p] is None and p in self.default_dict: + params_with_defaults[p] = self.default_dict[p] + else: + params_with_defaults[p] = self.module.params[p] + return params_with_defaults + + def _diff_update_and_compare(self, param_name, before, after): + if before != after: + self.diff['before'].update({param_name: before}) + self.diff['after'].update({param_name: after}) + return True + return False + + def diffparam_label(self): + before = self.info['labels'] if 'labels' in self.info else {} + after = self.params['label'] + return self._diff_update_and_compare('label', before, after) + + def diffparam_driver(self): + before = self.info['driver'] + after = self.params['driver'] + return self._diff_update_and_compare('driver', before, after) + + def diffparam_options(self): + before = self.info['options'] if 'options' in self.info else {} + # Removing GID and UID from options list + before.pop('uid', None) + before.pop('gid', None) + # Collecting all other options in the list + before = ["=".join((k, v)) for k, v in before.items()] + after = self.params['options'] + # # For UID, GID + # if 'uid' in self.info or 'gid' in self.info: + # ids = [] + # if 'uid' in self.info and self.info['uid']: + # before = [i for i in before if 'uid' not in i] + # before += ['uid=%s' % str(self.info['uid'])] + # if 'gid' in self.info and self.info['gid']: + # before = [i for i in before if 'gid' not in i] + # before += ['gid=%s' % str(self.info['gid'])] + # if self.params['options']: + # for opt in self.params['options']: + # if 'uid=' in opt or 'gid=' in opt: + # ids += opt.split("o=")[1].split(",") + # after = [i for i in after if 'gid' not in i and 'uid' not in i] + # after += ids + before, after = sorted(list(set(before))), sorted(list(set(after))) + return self._diff_update_and_compare('options', before, after) + + def is_different(self): + diff_func_list = [func for func in dir(self) + if callable(getattr(self, func)) and func.startswith( + "diffparam")] + fail_fast = not bool(self.module._diff) + different = False + for func_name in diff_func_list: + dff_func = getattr(self, func_name) + if dff_func(): + if fail_fast: + return True + else: + different = True + # Check non idempotent parameters + for p in self.non_idempotent: + if self.module.params[p] is not None and self.module.params[p] not in [{}, [], '']: + different = True + return different + + +class PodmanVolume: + """Perform volume tasks. + + Manages podman volume, inspects it and checks its current state + """ + + def __init__(self, module, name): + """Initialize PodmanVolume class. + + Arguments: + module {obj} -- ansible module object + name {str} -- name of volume + """ + + super(PodmanVolume, self).__init__() + self.module = module + self.name = name + self.stdout, self.stderr = '', '' + self.info = self.get_info() + self.version = self._get_podman_version() + self.diff = {} + self.actions = [] + + @property + def exists(self): + """Check if volume exists.""" + return bool(self.info != {}) + + @property + def different(self): + """Check if volume is different.""" + diffcheck = PodmanVolumeDiff( + self.module, + self.info, + self.version) + is_different = diffcheck.is_different() + diffs = diffcheck.diff + if self.module._diff and is_different and diffs['before'] and diffs['after']: + self.diff['before'] = "\n".join( + ["%s - %s" % (k, v) for k, v in sorted( + diffs['before'].items())]) + "\n" + self.diff['after'] = "\n".join( + ["%s - %s" % (k, v) for k, v in sorted( + diffs['after'].items())]) + "\n" + return is_different + + def get_info(self): + """Inspect volume and gather info about it.""" + # pylint: disable=unused-variable + rc, out, err = self.module.run_command( + [self.module.params['executable'], b'volume', b'inspect', self.name]) + return json.loads(out)[0] if rc == 0 else {} + + def _get_podman_version(self): + # pylint: disable=unused-variable + rc, out, err = self.module.run_command( + [self.module.params['executable'], b'--version']) + if rc != 0 or not out or "version" not in out: + self.module.fail_json(msg="%s run failed!" % + self.module.params['executable']) + return out.split("version")[1].strip() + + def _perform_action(self, action): + """Perform action with volume. + + Arguments: + action {str} -- action to perform - create, stop, delete + """ + b_command = PodmanVolumeModuleParams(action, + self.module.params, + self.version, + self.module, + ).construct_command_from_params() + full_cmd = " ".join([self.module.params['executable'], 'volume'] + + [to_native(i) for i in b_command]) + self.module.log("PODMAN-VOLUME-DEBUG: %s" % full_cmd) + self.actions.append(full_cmd) + if not self.module.check_mode: + rc, out, err = self.module.run_command( + [self.module.params['executable'], b'volume'] + b_command, + expand_user_and_vars=False) + self.stdout = out + self.stderr = err + if rc != 0: + self.module.fail_json( + msg="Can't %s volume %s" % (action, self.name), + stdout=out, stderr=err) + + def delete(self): + """Delete the volume.""" + self._perform_action('delete') + + def create(self): + """Create the volume.""" + self._perform_action('create') + + def recreate(self): + """Recreate the volume.""" + self.delete() + self.create() + + +class PodmanVolumeManager: + """Module manager class. + + Defines according to parameters what actions should be applied to volume + """ + + def __init__(self, module): + """Initialize PodmanManager class. + + Arguments: + module {obj} -- ansible module object + """ + + super(PodmanVolumeManager, self).__init__() + + self.module = module + self.results = { + 'changed': False, + 'actions': [], + 'volume': {}, + } + self.name = self.module.params['name'] + self.executable = \ + self.module.get_bin_path(self.module.params['executable'], + required=True) + self.state = self.module.params['state'] + self.recreate = self.module.params['recreate'] + self.volume = PodmanVolume(self.module, self.name) + + def update_volume_result(self, changed=True): + """Inspect the current volume, update results with last info, exit. + + Keyword Arguments: + changed {bool} -- whether any action was performed + (default: {True}) + """ + facts = self.volume.get_info() if changed else self.volume.info + out, err = self.volume.stdout, self.volume.stderr + self.results.update({'changed': changed, 'volume': facts, + 'podman_actions': self.volume.actions}, + stdout=out, stderr=err) + if self.volume.diff: + self.results.update({'diff': self.volume.diff}) + if self.module.params['debug']: + self.results.update({'podman_version': self.volume.version}) + self.module.exit_json(**self.results) + + def execute(self): + """Execute the desired action according to map of actions & states.""" + states_map = { + 'present': self.make_present, + 'absent': self.make_absent, + } + process_action = states_map[self.state] + process_action() + self.module.fail_json(msg="Unexpected logic error happened, " + "please contact maintainers ASAP!") + + def make_present(self): + """Run actions if desired state is 'started'.""" + if not self.volume.exists: + self.volume.create() + self.results['actions'].append('created %s' % self.volume.name) + self.update_volume_result() + elif self.recreate or self.volume.different: + self.volume.recreate() + self.results['actions'].append('recreated %s' % + self.volume.name) + self.update_volume_result() + else: + self.update_volume_result(changed=False) + + def make_absent(self): + """Run actions if desired state is 'absent'.""" + if not self.volume.exists: + self.results.update({'changed': False}) + elif self.volume.exists: + self.volume.delete() + self.results['actions'].append('deleted %s' % self.volume.name) + self.results.update({'changed': True}) + self.results.update({'volume': {}, + 'podman_actions': self.volume.actions}) + self.module.exit_json(**self.results) + + +def main(): + module = AnsibleModule( + argument_spec=dict( + state=dict(type='str', default="present", + choices=['present', 'absent']), + name=dict(type='str', required=True), + label=dict(type='dict', required=False), + driver=dict(type='str', required=False), + options=dict(type='list', elements='str', required=False), + recreate=dict(type='bool', default=False), + executable=dict(type='str', required=False, default='podman'), + debug=dict(type='bool', default=False), + )) + + PodmanVolumeManager(module).execute() + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_volume_info.py b/ansible_collections/containers/podman/plugins/modules/podman_volume_info.py new file mode 100644 index 000000000..97b43b3ce --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_volume_info.py @@ -0,0 +1,100 @@ +#!/usr/bin/python +# Copyright (c) 2020 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +module: podman_volume_info +author: + - "Sagi Shnaidman (@sshnaidm)" +short_description: Gather info about podman volumes +notes: [] +description: + - Gather info about podman volumes with podman inspect command. +requirements: + - "Podman installed on host" +options: + name: + description: + - Name of the volume + type: str + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +''' + +EXAMPLES = r""" +- name: Gather info about all present volumes + podman_volume_info: + +- name: Gather info about specific volume + podman_volume_info: + name: specific_volume +""" + +RETURN = r""" +volumes: + description: Facts from all or specified volumes + returned: always + type: list + sample: [ + { + "name": "testvolume", + "labels": {}, + "mountPoint": "/home/ansible/.local/share/testvolume/_data", + "driver": "local", + "options": {}, + "scope": "local" + } + ] +""" + +import json +from ansible.module_utils.basic import AnsibleModule + + +def get_volume_info(module, executable, name): + command = [executable, 'volume', 'inspect'] + if name: + command.append(name) + else: + command.append("--all") + rc, out, err = module.run_command(command) + if rc != 0 or 'no such volume' in err: + module.fail_json(msg="Unable to gather info for %s: %s" % (name or 'all volumes', err)) + if not out or json.loads(out) is None: + return [], out, err + return json.loads(out), out, err + + +def main(): + module = AnsibleModule( + argument_spec=dict( + executable=dict(type='str', default='podman'), + name=dict(type='str') + ), + supports_check_mode=True, + ) + + name = module.params['name'] + executable = module.get_bin_path(module.params['executable'], required=True) + + inspect_results, out, err = get_volume_info(module, executable, name) + + results = { + "changed": False, + "volumes": inspect_results, + "stderr": err + } + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/setup.cfg b/ansible_collections/containers/podman/setup.cfg new file mode 100644 index 000000000..def4acc92 --- /dev/null +++ b/ansible_collections/containers/podman/setup.cfg @@ -0,0 +1,38 @@ +[metadata] +name = ansible-podman-collections.containers +summary = Ansible collections for Podman +description-file = + README.md + +author = Sagi Shnaidman (@sshnaidm) +author-email = einarum@gmail.com +home-page = https://github.com/containers/ansible-podman-collections/ +classifier = + License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+) + Development Status :: 5 - Production/Stable + Intended Audience :: Developers + Intended Audience :: System Administrators + Intended Audience :: Information Technology + Topic :: System :: Systems Administration + Topic :: Utilities + +[global] +setup-hooks = + pbr.hooks.setup_hook + +[files] +data_files = + share/ansible/collections/ansible_collections/containers/podman/ = README.md + share/ansible/collections/ansible_collections/containers/podman/roles/ = roles/* + share/ansible/collections/ansible_collections/containers/podman/plugins/ = plugins/* + share/ansible/collections/ansible_collections/containers/podman/playbooks/ = playbooks/* + share/ansible/collections/ansible_collections/containers/podman/scripts/ = scripts/* + share/ansible/collections/ansible_collections/containers/podman/docs/ = docs/* + share/ansible/collections/ansible_collections/containers/podman/meta/ = meta/* + +[wheel] +universal = 1 + +[pbr] +skip_authors = True +skip_changelog = True diff --git a/ansible_collections/containers/podman/setup.py b/ansible_collections/containers/podman/setup.py new file mode 100644 index 000000000..c453a916e --- /dev/null +++ b/ansible_collections/containers/podman/setup.py @@ -0,0 +1,9 @@ +# Copyright Red Hat, Inc. All Rights Reserved. +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +import setuptools + +setuptools.setup( + setup_requires=['pbr'], + pbr=True, + py_modules=[]) diff --git a/ansible_collections/containers/podman/test-requirements.txt b/ansible_collections/containers/podman/test-requirements.txt new file mode 100644 index 000000000..3edd0df45 --- /dev/null +++ b/ansible_collections/containers/podman/test-requirements.txt @@ -0,0 +1,4 @@ +ansible-core +pytest +pytest-forked +pytest-xdist diff --git a/ansible_collections/containers/podman/tests/.gitignore b/ansible_collections/containers/podman/tests/.gitignore new file mode 100644 index 000000000..ea1472ec1 --- /dev/null +++ b/ansible_collections/containers/podman/tests/.gitignore @@ -0,0 +1 @@ +output/ diff --git a/ansible_collections/containers/podman/tests/integration/targets/__init__.py b/ansible_collections/containers/podman/tests/integration/targets/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ansible_collections/containers/podman/tests/integration/targets/connection/create-nonroot-user.yml b/ansible_collections/containers/podman/tests/integration/targets/connection/create-nonroot-user.yml new file mode 100644 index 000000000..8669cfe35 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/connection/create-nonroot-user.yml @@ -0,0 +1,7 @@ +- hosts: "{{ target_hosts }}" + gather_facts: false + tasks: + + - name: Create a user + user: + name: testuser diff --git a/ansible_collections/containers/podman/tests/integration/targets/connection/test_connection.yml b/ansible_collections/containers/podman/tests/integration/targets/connection/test_connection.yml new file mode 100644 index 000000000..65f7e114d --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/connection/test_connection.yml @@ -0,0 +1,43 @@ +- hosts: "{{ target_hosts }}" + gather_facts: false + serial: 1 + tasks: + + ### raw with unicode arg and output + + - name: raw with unicode arg and output + raw: echo 汉语 + register: command + - name: check output of raw with unicode arg and output + assert: + that: + - "'汉语' in command.stdout" + - command is changed # as of 2.2, raw should default to changed: true for consistency w/ shell/command/script modules + + ### copy local file with unicode filename and content + + - name: create local file with unicode filename and content + local_action: lineinfile dest={{ local_tmp }}-汉语/汉语.txt create=true line=汉语 + - name: remove remote file with unicode filename and content + action: "{{ action_prefix }}file path={{ remote_tmp }}-汉语/汉语.txt state=absent" + - name: create remote directory with unicode name + action: "{{ action_prefix }}file path={{ remote_tmp }}-汉语 state=directory" + - name: copy local file with unicode filename and content + action: "{{ action_prefix }}copy src={{ local_tmp }}-汉语/汉语.txt dest={{ remote_tmp }}-汉语/汉语.txt" + + ### fetch remote file with unicode filename and content + + - name: remove local file with unicode filename and content + local_action: file path={{ local_tmp }}-汉语/汉语.txt state=absent + - name: fetch remote file with unicode filename and content + fetch: src={{ remote_tmp }}-汉语/汉语.txt dest={{ local_tmp }}-汉语/汉语.txt fail_on_missing=true validate_checksum=true flat=true + + ### remove local and remote temp files + + - name: remove local temp file + local_action: file path={{ local_tmp }}-汉语 state=absent + - name: remove remote temp file + action: "{{ action_prefix }}file path={{ remote_tmp }}-汉语 state=absent" + + ### test wait_for_connection plugin + - wait_for_connection: diff --git a/ansible_collections/containers/podman/tests/integration/targets/connection_buildah/runme.sh b/ansible_collections/containers/podman/tests/integration/targets/connection_buildah/runme.sh new file mode 100755 index 000000000..b7fbcff45 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/connection_buildah/runme.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash +set -o pipefail +set -eux + +# New requirement from ansible-core 2.14 +export LC_ALL=en_US.UTF-8 +export LANG=en_US.UTF-8 +export LANGUAGE=en_US.UTF-8 + +function run_ansible { + ${SUDO:-} ${ANSIBLECMD:-ansible-playbook} ../connection/test_connection.yml -i "test_connection.inventory" \ + -e target_hosts="buildah" \ + -e action_prefix= \ + -e local_tmp=/tmp/ansible-local \ + -e remote_tmp=/tmp/ansible-remote \ + "$@" + +} + +# Issue in buildah: https://github.com/containers/buildah/issues/3126 +# Hack is from: https://github.com/containers/buildah/issues/3120#issuecomment-815889314 +# PR is merged here: https://github.com/containers/storage/pull/871 +export STORAGE_OPTS="overlay.mount_program=/usr/bin/fuse-overlayfs" +# First run as root +run_ansible "$@" + +# Create a non-root user +${SUDO:-} ${ANSIBLECMD:-ansible-playbook} -i "test_connection.inventory" ../connection/create-nonroot-user.yml \ + -e target_hosts="buildah" + +# Second run as normal user +ANSIBLE_VERBOSITY=4 ANSIBLE_REMOTE_USER="testuser" run_ansible "$@" | tee check_log +${SUDO:-} grep -q "Using buildah connection from collection" check_log +${SUDO:-} rm -f check_log diff --git a/ansible_collections/containers/podman/tests/integration/targets/connection_buildah/test_connection.inventory b/ansible_collections/containers/podman/tests/integration/targets/connection_buildah/test_connection.inventory new file mode 100644 index 000000000..e6d090ee4 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/connection_buildah/test_connection.inventory @@ -0,0 +1,12 @@ +[buildah] +buildah-container ansible_ssh_pipelining=true +[buildah:vars] +# 1. install buildah +# 2. create container: +# $ sudo buildah from --name=buildah-container python:2 +# 3. run test: +# $ ansible-test integration connection_buildah +# 6. remove container +# $ sudo buildah rm buildah-container +ansible_host=buildah-container +ansible_connection=containers.podman.buildah diff --git a/ansible_collections/containers/podman/tests/integration/targets/connection_podman/runme.sh b/ansible_collections/containers/podman/tests/integration/targets/connection_podman/runme.sh new file mode 100755 index 000000000..598794e71 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/connection_podman/runme.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash + +set -o pipefail +set -eux + +function run_ansible { + ${SUDO:-} ${ANSIBLECMD:-ansible-playbook} ../connection/test_connection.yml -i "test_connection.inventory" \ + -e target_hosts="podman" \ + -e action_prefix= \ + -e local_tmp=/tmp/ansible-local \ + -e remote_tmp=/tmp/ansible-remote \ + "$@" + +} + +run_ansible "$@" +LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 run_ansible "$@" +ANSIBLE_VERBOSITY=4 ANSIBLE_REMOTE_TMP="/tmp" ANSIBLE_REMOTE_USER="1000" run_ansible "$@" | tee check_log +${SUDO:-} grep -q "Using podman connection from collection" check_log +${SUDO:-} rm -f check_log +set +o pipefail +ANSIBLE_PODMAN_EXECUTABLE=fakepodman run_ansible "$@" 2>&1 | grep "fakepodman command not found in PATH" +set -o pipefail +ANSIBLE_PODMAN_EXECUTABLE=fakepodman run_ansible "$@" && { + echo "Playbook with fakepodman should fail!" + exit 1 +} +ANSIBLE_VERBOSITY=4 ANSIBLE_PODMAN_EXTRA_ARGS=" --log-level debug " run_ansible "$@" | grep "level=debug msg=" diff --git a/ansible_collections/containers/podman/tests/integration/targets/connection_podman/test_connection.inventory b/ansible_collections/containers/podman/tests/integration/targets/connection_podman/test_connection.inventory new file mode 100644 index 000000000..c64c399f6 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/connection_podman/test_connection.inventory @@ -0,0 +1,15 @@ +[podman] +podman-container +[podman:vars] +# 1. install podman +# 2. create container: +# podman pull python:3-alpine +# podman run -d --name podman-container python:3-alpine sleep 999999 +# 3. run test: +# ./bin/ansible-test integration connection_podman +# 6. remove container +# podman stop podman-container +# podman rm podman-container +ansible_host=podman-container +ansible_connection=containers.podman.podman +ansible_python_interpreter=/usr/local/bin/python diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container/tasks/main.yml new file mode 100644 index 000000000..3a66f6a82 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container/tasks/main.yml @@ -0,0 +1,800 @@ +- name: Test podman_container + block: + - name: Delete all container leftovers from tests + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - "alpine:3.7" + - "container" + - "container1" + - "container2" + - "container3" + - "testidem-pod" + + - name: Test no image with default action + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + ignore_errors: true + register: no_image + + - name: Test no image with state 'started' + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: created + ignore_errors: true + register: no_image1 + + - name: Test no image with state 'present' + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: present + ignore_errors: true + register: no_image2 + + - name: Check no image + assert: + that: + - no_image is failed + - no_image1 is failed + - no_image2 is failed + - no_image.msg == "Cannot start container when image is not specified!" + - no_image1.msg == "State 'created' required image to be configured!" + - no_image2.msg == "State 'present' required image to be configured!" + fail_msg: No image test failed! + success_msg: No image test passed! + + - name: Ensure image doesn't exist + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: alpine:3.7 + state: absent + + - name: Check pulling image + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine:3.7 + state: started + command: sleep 1d + register: image + + - name: Check using already pulled image + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container2 + image: alpine:3.7 + state: started + command: sleep 1d + register: image2 + + - name: Check output is correct + assert: + that: + - image is changed + - image.container is defined + - image.container['State']['Running'] + - "'pulled image alpine:3.7' in image.actions" + - "'started container' in image.actions" + - image2 is changed + - image2.container is defined + - image2.container['State']['Running'] + - "'pulled image alpine:3.7' not in image2.actions" + - "'started container2' in image2.actions" + fail_msg: Pulling image test failed! + success_msg: Pulling image test passed! + + - name: Check failed image pull + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: ineverneverneverexist + state: started + command: sleep 1d + register: imagefail + ignore_errors: true + + - name: Check output is correct + assert: + that: + - imagefail is failed + - imagefail.msg == "Can't pull image ineverneverneverexist" + + - name: Force container recreate + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine + state: started + command: sleep 1d + recreate: true + register: recreated + + - name: Check output is correct + assert: + that: + - recreated is changed + - recreated.container is defined + - recreated.container['State']['Running']|bool + - "'recreated container' in recreated.actions" + fail_msg: Force recreate test failed! + success_msg: Force recreate test passed! + + - name: Start container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: started + + - name: Present container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine + state: present + command: sleep 1d + register: start_present + + - name: Check output is correct + assert: + that: + - start_present.container['State']['Running'] + + - name: Stop container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: stopped + register: stopped + + - name: Stop the same container again (idempotency) + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: stopped + register: stopped_again + + - name: Check output is correct + assert: + that: + - stopped is changed + - stopped.container is defined + - not stopped.container['State']['Running'] + - "'stopped container' in stopped.actions" + - stopped_again is not changed + - stopped_again.container is defined + - not stopped_again.container['State']['Running'] + - stopped_again.actions == [] + fail_msg: Stopping container test failed! + success_msg: Stopping container test passed! + + - name: Delete stopped container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: absent + register: deleted + + - name: Delete again container (idempotency) + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: absent + register: deleted_again + + - name: Check output is correct + assert: + that: + - deleted is changed + - deleted.container is defined + - deleted.container == {} + - "'deleted container' in deleted.actions" + - deleted_again is not changed + - deleted_again.container is defined + - deleted_again.container == {} + - deleted_again.actions == [] + fail_msg: Deleting stopped container test failed! + success_msg: Deleting stopped container test passed! + + - name: Create container in 'stopped' state + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine:3.7 + state: stopped + command: sleep 1d + register: created + + - name: Check output is correct + assert: + that: + - created is changed + - created.container is defined + - created.container != {} + - not created.container['State']['Running'] + - "'created container' in created.actions" + fail_msg: "Creating stopped container test failed!" + success_msg: "Creating stopped container test passed!" + + - name: Delete created container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: absent + + - name: Create container in 'created' state + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine:3.7 + state: created + command: sleep 1d + register: created + + - name: Check output is correct + assert: + that: + - created is changed + - created.container is defined + - created.container != {} + - not created.container['State']['Running'] + - "'created container' in created.actions" + fail_msg: "Creating stopped container test failed!" + success_msg: "Creating stopped container test passed!" + + - name: Force container recreate + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine + state: created + command: sleep 1d + recreate: true + register: recreated + + - name: Check output is correct + assert: + that: + - recreated is changed + - recreated.container is defined + - not recreated.container['State']['Running'] + - "'recreated container' in recreated.actions" + fail_msg: Force recreate test failed! + + - name: Restart container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + restart: true + register: restarted + + - name: Check output is correct + assert: + that: + - restarted is changed + - restarted.container is defined + - restarted.container['State']['Running'] + - "'restarted container' in restarted.actions" + fail_msg: Restart container test failed! + + - name: Restart running container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + restart: true + register: restarted + + - name: Check output is correct + assert: + that: + - restarted is changed + - restarted.container is defined + - restarted.container['State']['Running'] + - "'restarted container' in restarted.actions" + fail_msg: Restart running container test failed! + + - name: Delete created container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: absent + + - name: Start container that was deleted + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine:3.7 + state: started + command: sleep 1d + register: started + + - name: Check output is correct + assert: + that: + - started is changed + - started.container is defined + - started.container['State']['Running'] + - "'pulled image alpine:3.7' not in started.actions" + + - name: Delete started container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: absent + register: deleted + + - name: Delete again container (idempotency) + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: absent + register: deleted_again + + - name: Check output is correct + assert: + that: + - deleted is changed + - deleted.container is defined + - deleted.container == {} + - "'deleted container' in deleted.actions" + - deleted_again is not changed + - deleted_again.container is defined + - deleted_again.container == {} + - deleted_again.actions == [] + fail_msg: Deleting started container test failed! + success_msg: Deleting started container test passed! + + - name: Recreate container with parameters + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: docker.io/alpine:3.7 + state: started + command: sleep 1d + recreate: true + etc_hosts: + host1: 127.0.0.1 + host2: 127.0.0.1 + annotation: + this: "annotation_value" + dns: + - 1.1.1.1 + - 8.8.4.4 + dns_search: example.com + cap_add: + - SYS_TIME + - NET_ADMIN + publish: + - "9000:80" + - "9001:8000" + workdir: "/bin" + env: + FOO: bar=1 + BAR: foo + TEST: 1 + BOOL: false + label: + somelabel: labelvalue + otheralbe: othervalue + volumes: + - /tmp:/data + mounts: + - type=devpts,destination=/dev/pts + register: test + + - name: Check output is correct + assert: + that: + - test is changed + - test.container is defined + - test.container != {} + - test.container['State']['Running'] + # test capabilities + - "'CAP_SYS_TIME' in test.container['BoundingCaps']" + - "'CAP_NET_ADMIN' in test.container['BoundingCaps']" + # test annotations + - test.container['Config']['Annotations']['this'] is defined + - test.container['Config']['Annotations']['this'] == "annotation_value" + # test DNS + - >- + (test.container['HostConfig']['Dns'] is defined and + test.container['HostConfig']['Dns'] == ['1.1.1.1', '8.8.4.4']) or + (test.container['HostConfig']['DNS'] is defined and + test.container['HostConfig']['DNS'] == ['1.1.1.1', '8.8.4.4']) + # test ports + - test.container['NetworkSettings']['Ports']|length == 2 + # test working dir + - test.container['Config']['WorkingDir'] == "/bin" + # test dns search + - >- + (test.container['HostConfig']['DnsSearch'] is defined and + test.container['HostConfig']['DnsSearch'] == ['example.com']) or + (test.container['HostConfig']['DNSSearch'] is defined and + test.container['HostConfig']['DNSSearch'] == ['example.com']) + # test environment variables + - "'FOO=bar=1' in test.container['Config']['Env']" + - "'BAR=foo' in test.container['Config']['Env']" + - "'TEST=1' in test.container['Config']['Env']" + - "'BOOL=False' in test.container['Config']['Env']" + # test labels + - test.container['Config']['Labels'] | length == 2 + - test.container['Config']['Labels']['somelabel'] == "labelvalue" + - test.container['Config']['Labels']['otheralbe'] == "othervalue" + # test mounts + - test.container['Mounts'][0]['Type'] is defined and test.container['Mounts'][0]['Type'] == 'bind' + - >- + test.container['Mounts'][0]['Source'] is defined and test.container['Mounts'][0]['Source'] == 'devpts' or + test.container['Mounts'][1]['Source'] is defined and test.container['Mounts'][1]['Source'] == 'devpts' + - >- + test.container['Mounts'][0]['Destination'] is defined and test.container['Mounts'][0]['Destination'] == '/dev/pts' or + test.container['Mounts'][1]['Destination'] is defined and test.container['Mounts'][1]['Destination'] == '/dev/pts' + # test volumes + # test volumes + - >- + (test.container['Mounts'][0]['Destination'] is defined and + '/data' in test.container['Mounts'] | map(attribute='Destination') | list) + - >- + (test.container['Mounts'][1]['Source'] is defined and + '/tmp' in test.container['Mounts'] | map(attribute='Source') | list) + fail_msg: Parameters container test failed! + success_msg: Parameters container test passed! + + - name: Check basic idempotency of running container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testidem + image: docker.io/alpine + state: started + command: sleep 20m + + - name: Check basic idempotency of running container - run it again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testidem + image: alpine:latest + state: started + command: sleep 20m + register: idem + + - name: Check that nothing was changed + assert: + that: + - not idem.changed + + - name: Check force restart option - run again and force restart + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testidem + image: alpine:latest + state: started + command: sleep 20m + force_restart: true + register: idem_r + + - name: Check that task was changed + assert: + that: + - idem_r is changed + + - name: Check removing force_restart option + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testidem + image: alpine:latest + state: started + command: sleep 20m + register: idem_r1 + + - name: Check that task was not changed + assert: + that: + - idem_r1 is not changed + + - name: Run changed container (with tty enabled) + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testidem + image: alpine + state: started + command: sleep 20m + tty: true + register: idem1 + + - name: Check that container is recreated when changed + assert: + that: + - idem1 is changed + + - name: Run changed container without specifying an option, use defaults + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testidem + image: alpine + state: started + command: sleep 20m + register: idem2 + + - name: Check that container is recreated when changed to default value + assert: + that: + - idem2 is changed + + - name: Remove container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testidem + state: absent + register: remove + + - name: Check podman_actions + assert: + that: + - "'podman rm -f testidem' in remove.podman_actions" + + # - name: Create a pod + # shell: podman pod create --name testidempod + + - name: Check basic idempotency of pod container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testidem-pod + image: docker.io/alpine + state: started + command: sleep 20m + pod: "new:testidempod" + + - name: Check basic idempotency of pod container - run it again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testidem-pod + image: alpine:latest + state: started + command: sleep 20m + pod: testidempod + register: idem3 + + - name: Check that nothing was changed in pod containers + assert: + that: + - not idem3.changed + + - name: Run changed pod container (with tty enabled) + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testidem-pod + image: alpine + state: started + command: sleep 20m + tty: true + pod: testidempod + register: idem4 + + - name: Check that container is recreated when changed + assert: + that: + - idem4 is changed + - idem4.podman_systemd.keys() | list | length > 0 + - idem4.podman_systemd.values() | list | length > 0 + + - name: Run container with systemd generation parameters + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine + state: started + command: sleep 20m + generate_systemd: + path: /tmp/ + restart_policy: always + time: 120 + no_header: true + names: true + pod_prefix: whocares + separator: zzzz + container_prefix: contain + register: system1 + + - name: Check service file presents + stat: + path: /tmp/containzzzzcontainer1.service + register: service_file + + - name: Check that container has correct systemd output + assert: + that: + - system1.podman_systemd.keys() | list | first == 'containzzzzcontainer1' + - system1.podman_systemd.values() | list | length > 0 + - service_file.stat.exists | bool + - "'-t 120 container1' in system1.podman_systemd.values() | list | first" + - "'Restart=always' in system1.podman_systemd.values() | list | first" + - "'autogenerated by Podman' not in system1.podman_systemd.values() | list | first" + + - name: Delete container with systemd generation parameters + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine + state: absent + command: sleep 20m + generate_systemd: + path: /tmp/ + restart_policy: always + time: 120 + no_header: true + names: true + pod_prefix: whocares + separator: zzzz + container_prefix: contain + register: system1 + + - name: Check service file doesn't present + stat: + path: /tmp/containzzzzcontainer1.service + register: service2_file + + - name: Check that service file was deleted + assert: + that: + - not service2_file.stat.exists | bool + + - name: Create temporary rootfs directory + ansible.builtin.tempfile: + state: directory + suffix: container-rootfs + register: container_tempdir + - name: Debug container_tempdir + ansible.builtin.debug: + var: container_tempdir + + - name: Download alpine releases file + ansible.builtin.get_url: + url: "https://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/{{ ansible_architecture }}/latest-releases.yaml" + dest: "{{ container_tempdir.path }}/latest-releases.yaml" + register: alpine_releases_file + + - name: Download alpine latest rootfs + vars: + latest_releases: "{{ lookup('file', alpine_releases_file.dest) }}" + latest_version: "{{ (latest_releases | from_yaml)[0].version }}" + latest_branch: "{{ (latest_releases | from_yaml)[0].branch }}" + ansible.builtin.unarchive: + src: "https://dl-cdn.alpinelinux.org/alpine/{{ latest_branch }}/releases/{{ ansible_architecture }}/alpine-minirootfs-{{ latest_version }}-{{ ansible_architecture }}.tar.gz" + dest: "{{ container_tempdir.path }}" + remote_src: true + + - name: Check invalid rootfs image pull + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: /ineverneverneverexist + rootfs: true + state: started + command: sleep 1d + register: imagerootfsfail + ignore_errors: true + + - name: Check output is correct + assert: + that: + - imagerootfsfail is failed + - imagerootfsfail.msg == "Image rootfs doesn't exist /ineverneverneverexist" + + - name: Check rootfs container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container3 + image: "{{ container_tempdir.path }}" + rootfs: true + state: started + command: sleep 1d + register: image + + - name: Check output is correct + assert: + that: + - image is changed + - image.container is defined + - image.container['State']['Running'] + - image.container['Image'] == "" + - image.container['Rootfs'] == "{{ container_tempdir.path }}" + - "'started container3' in image.actions" + fail_msg: Rootfs container test failed! + success_msg: Rootfs container test passed! + + - name: Check basic idempotency of running rootfs container - run it again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container3 + image: "{{ container_tempdir.path }}" + rootfs: true + state: started + command: sleep 1d + register: idem + + - name: Check that nothing was changed + assert: + that: + - not idem.changed + + - name: Rebuild rootfs container with image + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container3 + image: alpine:3.7 + state: started + command: sleep 1d + register: image + + - name: Debug image + ansible.builtin.debug: + var: image + + - name: Check output is correct + assert: + that: + - image is changed + - image.container is defined + - image.container['State']['Running'] + - image.container['Rootfs'] == "" + - "'alpine:3.7' in image.container['ImageName']" + - "'recreated container3' in image.actions" + fail_msg: Rootfs container test failed! + success_msg: Rootfs container test passed! + + - name: Rebuild container with rootfs again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container3 + image: "{{ container_tempdir.path }}" + rootfs: true + state: started + command: sleep 1d + register: image + + - name: Check output is correct + assert: + that: + - image is changed + - image.container is defined + - image.container['State']['Running'] + - image.container['Image'] == "" + - image.container['Rootfs'] == "{{ container_tempdir.path }}" + - "'recreated container3' in image.actions" + fail_msg: Rootfs container test failed! + success_msg: Rootfs container test passed! + + always: + + - name: Remove container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testidem-pod + state: absent + + - name: Delete all container leftovers from tests + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - "alpine:3.7" + - "container" + - "container1" + - "container2" + - "container3" + - "testidem-pod" + + - name: Remove pod + shell: podman pod rm -f testidempod + ignore_errors: true + + - name: Remove temporary rootfs directory + ansible.builtin.file: + path: "{{ container_tempdir.path }}" + state: absent + when: container_tempdir is defined + ignore_errors: true diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/files/Dockerfile b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/files/Dockerfile new file mode 100644 index 000000000..a42fc5689 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/files/Dockerfile @@ -0,0 +1,32 @@ +FROM alpine + +LABEL "key"="amazing value" +LABEL nobody=cares + +ARG build_arg + +ENV password root +ENV username root + +WORKDIR /work + +RUN adduser -D user && \ + adduser -D user2 + +COPY start.sh /start + +RUN chmod a+rwx /start + +EXPOSE 80 +EXPOSE 8080/tcp +VOLUME ["/data", "/data2"] +USER user +STOPSIGNAL KILL + +# problem with OS w/o systemd +# HEALTHCHECK --interval=5m --timeout=3s \ +# CMD date + +CMD ["1d"] +ENTRYPOINT ["/start"] + diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/files/start.sh b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/files/start.sh new file mode 100755 index 000000000..1217239e6 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/files/start.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +s=${1:-"3h"} +sleep "$s" + diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/build_test_container.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/build_test_container.yml new file mode 100644 index 000000000..c23e41aa0 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/build_test_container.yml @@ -0,0 +1,35 @@ +--- +- name: Create directory for user build images + file: + path: /tmp/usr_img + state: directory + +- name: Copy files to container build directory + copy: + src: "{{ item }}" + dest: "/tmp/usr_img/{{ item }}" + mode: 777 + loop: + - Dockerfile + - start.sh + +- name: Build test docker image for regular user + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: "{{ idem_image }}" + path: /tmp/usr_img + build: + format: docker + extra_args: --cgroup-manager=cgroupfs + +- name: Build test docker image for root user + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: "{{ idem_image }}" + path: /tmp/usr_img + build: + format: docker + become: true + environment: + XDG_RUNTIME_DIR: "" + DBUS_SESSION_BUS_ADDRESS: "" diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_all.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_all.yml new file mode 100644 index 000000000..48247d71f --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_all.yml @@ -0,0 +1,339 @@ +# Other settings +- name: Remove leftovers from other tests + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency + state: absent + +- name: Run container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + +- name: Run container again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test1 + +- name: Check info when running container again + assert: + that: test1 is not changed + +- name: Run container with environment vars + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + env: + mykey: "amazing value" + ENV1: "one=two=three" + command: 1h + register: test2 + +- name: Check info with environment vars + assert: + that: test2 is changed + +- name: Run container with environment vars again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + env: + mykey: "amazing value" + ENV1: "one=two=three" + command: 1h + register: test3 + +- name: Check info with environment vars again + assert: + that: test3 is not changed + +- name: Run container with changed environment vars + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + env: + mykey: "amazing value1" + ENV1: "one=two=three" + command: 1h + register: test4 + +- name: Check info with changed environment vars + assert: + that: test4 is changed + +- name: Run container with log opt tag + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + log_opt: + tag: nonotag + log_driver: journald + command: 1h + register: test9 + +- name: Check info with log opt tag + assert: + that: test9 is changed + +- name: Run container with log opt tag - again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + log_opt: + tag: nonotag + log_driver: journald + command: 1h + register: test10 + +- name: Check info with log opt tag - again + assert: + that: test10 is not changed + +- name: Run container with default log opt tag + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + log_driver: journald + register: test11 + +- name: Check info with default log opt tag + assert: + that: test11 is changed + +- name: Run container with log opt path + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + log_opt: + path: /tmp/container.log + log_driver: journald + command: 1h + register: test12 + +- name: Check info with log opt path + assert: + that: test12 is changed + +- name: Run container with changed log opt path + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + log_opt: + path: /tmp/container2.log + log_driver: journald + command: 1h + register: test13 + +- name: Check info with changed log opt path + assert: + that: test13 is changed + +- name: Run container with default log opt path + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + log_driver: journald + command: 1h + register: test14 + +# We can't guess the default log path +- name: Check info with default log opt path + assert: + that: test14 is not changed + +- name: Run container with all log-opts + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + log_driver: journald + log_opt: + path: /tmp/container3.log + max_size: 100mb + tag: sometag + command: 1h + +- name: Run container with mounted /dev/fuse + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + device: + - /dev/fuse + register: test15 + +- name: Run container with mounted /dev/fuse again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + device: + - /dev/fuse + register: test16 + +- name: Run container with mounted /dev/fuse:/dev/fuse + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + device: + - /dev/fuse:/dev/fuse + register: test17 + +- name: Run container with mounted /dev/fuse third time + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + device: + - /dev/fuse + register: test18 + +- name: Run container without mounted device + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + register: test19 + +- name: Check info with mounted devices + assert: + that: + - test15 is changed + - test16 is not changed + - test17 is not changed + - test18 is not changed + - test19 is changed + +- name: Run container with etc_hosts + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + etc_hosts: + host1: 127.0.0.1 + host2: fd00::1 + command: 1h + register: test20 + +- name: Check info with etc_hosts + assert: + that: test20 is changed + +- name: Run container with etc_hosts again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + etc_hosts: + host1: 127.0.0.1 + host2: fd00::1 + command: 1h + register: test21 + +- name: Check info with etc_hosts again + assert: + that: test21 is not changed + +- name: Run default container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + +- name: Run container with restart policy always + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + restart_policy: always + register: test22 + +- name: Check info with restart policy always + assert: + that: test22 is changed + +- name: Run container with restart policy always again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + restart_policy: always + register: test23 + +- name: Check info with restart policy always again + assert: + that: test23 is not changed + +- name: Run container with a different restart policy on-failure + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + restart_policy: on-failure + register: test24 + +- name: Check info with restart policy on-failure + assert: + that: test24 is changed + +- name: Run default container w/o restart policy + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + register: test25 + +- name: Check info w/o restart policy + assert: + that: test25 is changed + +- name: Remove test container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_labels.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_labels.yml new file mode 100644 index 000000000..5d08d4505 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_labels.yml @@ -0,0 +1,200 @@ +# Labels +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test1 + +- name: check test1 + assert: + that: test1 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + label: + key: "amazing value" + nobody: "cares" + command: 1h + register: test2 + +- name: check test2 + assert: + that: test2 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test3 + +- name: check test3 + assert: + that: test3 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + label: + haha: kukuku + LLALA: WIWIWIW + OEIWIOP: eufslsa + ieui4: KDJSL4D + command: 1h + register: test4 + +- name: check test4 + assert: + that: test4 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + label: + haha: kukuku + LLALA: WIWIWIW + OEIWIOP: eufslsa + ieui4: KDJSL4D + command: 1h + register: test5 + +- name: check test5 + assert: + that: test5 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test6 + +- name: check test6 + assert: + that: test6 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + label: + test: notest + command: 1h + register: test7 + +- name: check test7 + assert: + that: test7 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + label: + key: "amazing value" + nobody: "cares" + command: 1h + register: test8 + +- name: check test8 + assert: + that: test8 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test9 + +- name: check test9 + assert: + that: test9 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency1 + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test10 + +- name: check test10 + assert: + that: test10 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + label: + razraz: dva + command: sleep 1h + register: test11 + +- name: check test11 + assert: + that: test11 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test12 + +- name: check test12 + assert: + that: test12 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test13 + +- name: check test13 + assert: + that: test13 is not changed diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_network_aliases.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_network_aliases.yml new file mode 100644 index 000000000..2da693cd7 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_network_aliases.yml @@ -0,0 +1,55 @@ +- name: Remove container netcontainer + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: netcontainer + state: absent + +- name: Run container with testnet and two aliases + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: netcontainer + image: "{{ idem_image }}" + command: 1h + state: started + network: testnet + network_aliases: + - netcontainer-alias-a + - netcontainer-alias-b + +- name: Run container again with testnet and same two aliases + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: netcontainer + image: "{{ idem_image }}" + command: 1h + state: present + network: testnet + network_aliases: + - netcontainer-alias-a + - netcontainer-alias-b + register: info + +- name: Check info for 2 runs of testnet + assert: + that: + - info is not changed + +- name: Run changed container with testnet and three aliases + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: netcontainer + image: "{{ idem_image }}" + command: 1h + state: present + network: testnet + network_aliases: + - netcontainer-alias-a + - netcontainer-alias-b + - netcontainer-alias-c + register: info1 + +- name: Check info + assert: + that: + - info1 is changed + ignore_errors: true diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_networks.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_networks.yml new file mode 100644 index 000000000..0eedfda66 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_networks.yml @@ -0,0 +1,44 @@ +- name: Remove container netcontainer + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: netcontainer + state: absent + +- name: Run container with {{ item.first_net }} + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: netcontainer + image: "{{ idem_image }}" + command: 1h + state: started + network: "{{ item.first_net }}" + +- name: Run container again with {{ item.first_net }} + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: netcontainer + image: "{{ idem_image }}" + command: 1h + state: present + network: "{{ item.first_net }}" + register: info + +- name: Check info for 2 runs of {{ item.first_net }} + assert: + that: + - info is not changed + +- name: Run changed container with {{ item.next_net }} + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: netcontainer + image: "{{ idem_image }}" + command: 1h + state: present + network: "{{ item.next_net }}" + register: info1 + +- name: Check info + assert: + that: + - info1 is changed diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_pods.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_pods.yml new file mode 100644 index 000000000..56e1e95d3 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_pods.yml @@ -0,0 +1,83 @@ +- name: Remove testing pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: testpod + state: absent + +- name: Remove test container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: testpod_container1 + state: absent + +- name: Create pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: testpod + publish: + - "11111:11111" + +- name: Start test container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: testpod_container1 + pod: testpod + state: started + label: + key: value + env: + test: test2 + volumes: + - /tmp:/data + +- name: Start test container again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: testpod_container1 + pod: testpod + state: started + label: + key: value + env: + test: test2 + volumes: + - /tmp:/data + register: info + +- name: Check starting container + assert: + that: info is not changed + +- name: Start test container changed + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: testpod_container1 + pod: testpod + state: started + register: info1 + +- name: Check starting container changed + assert: + that: info1 is changed + +- name: Start test container again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: testpod_container1 + pod: testpod + state: started + register: info2 + +- name: Check starting container again + assert: + that: info2 is not changed + +- name: Remove testing pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: testpod + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_ports.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_ports.yml new file mode 100644 index 000000000..54a667c86 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_ports.yml @@ -0,0 +1,265 @@ +# Ports +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test1 + +- name: check test1 + assert: + that: test1 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + ports: + - "4444:4444/tcp" + - "1212:5555" + - "8888:19191/udp" + - "1900:1900/udp" + - "127.0.0.1:7671:7676/udp" + - "127.0.0.1:12122:8876/udp" + - "127.0.0.1:13122:8871/tcp" + - "127.0.0.1:43423:8872" + - "127.0.0.2:43423:8872/tcp" + - "127.0.0.3:43423:8872" + register: test2 + +- name: check test2 + assert: + that: test2 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + ports: + - "4444:4444/tcp" + - "1212:5555" + - "8888:19191/udp" + - "1900:1900/udp" + - "127.0.0.1:7671:7676/udp" + - "127.0.0.1:12122:8876/udp" + - "127.0.0.1:13122:8871/tcp" + - "127.0.0.1:43423:8872" + - "127.0.0.2:43423:8872/tcp" + - "127.0.0.3:43423:8872" + register: test3 + +- name: check test3 + assert: + that: test3 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + publish_all: true + command: 1h + register: test4 + +- name: check test4 + assert: + that: test4 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + publish_all: true + command: 1h + register: test5 + +- name: check test5 + assert: + that: test5 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test6 + +- name: check test6 + assert: + that: test6 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + ports: + - 10000:8080 + command: 1h + register: test7 + +- name: check test7 + assert: + that: test7 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + ports: + - 10001:8080 + command: 1h + register: test8 + +- name: check test8 + assert: + that: test8 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + ports: + - 10001:8080/tcp + command: 1h + register: test9 + +- name: check test9 + assert: + that: test9 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + ports: + - 10001:8080/tcp + publish_all: false + command: 1h + register: test9a + +- name: check test9a + assert: + that: test9a is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test9b + +- name: check test9b + assert: + that: test9b is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency1 + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test10 + +- name: check test10 + assert: + that: test10 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + publish_all: false + command: sleep 1h + register: test11 + +- name: check test11 + assert: + that: test11 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + publish_all: true + command: sleep 1h + register: test11a + +- name: check test11a + assert: + that: test11a is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + ports: + - 10000:8080 + command: sleep 1h + register: test12 + +- name: check test12 + assert: + that: test12 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test13 + +- name: check test13 + assert: + that: test13 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test14 + +- name: check test14 + assert: + that: test14 is not changed diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_stopsignal.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_stopsignal.yml new file mode 100644 index 000000000..98586aece --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_stopsignal.yml @@ -0,0 +1,224 @@ +# Stop signal +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test1 + +- name: check test1 + assert: + that: test1 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + stop_signal: 9 + command: 1h + register: test2 + +- name: check test2 + assert: + that: test2 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test3 + +- name: check test3 + assert: + that: test3 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + stop_signal: 10 + command: 1h + register: test4 + +- name: check test4 + assert: + that: test4 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + stop_signal: 10 + command: 1h + register: test5 + +- name: check test5 + assert: + that: test5 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test6 + +- name: check test6 + assert: + that: test6 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + stop_signal: 15 + command: 1h + register: test7 + +- name: check test7 + assert: + that: test7 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + stop_signal: 9 + command: 1h + register: test8 + +- name: check test8 + assert: + that: test8 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test9 + +- name: check test9 + assert: + that: test9 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + stop_signal: 15 + command: 1h + register: test9a + +- name: check test9a + assert: + that: test9a is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test9b + +- name: check test9b + assert: + that: test9b is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency1 + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test10 + +- name: check test10 + assert: + that: test10 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + stop_signal: 15 + command: sleep 1h + register: test11 + +- name: check test11 + assert: + that: test11 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + stop_signal: 10 + command: sleep 1h + register: test12 + +- name: check test12 + assert: + that: test12 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test13 + +- name: check test13 + assert: + that: test13 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test14 + +- name: check test14 + assert: + that: test14 is not changed diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_users.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_users.yml new file mode 100644 index 000000000..6be03bb1a --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_users.yml @@ -0,0 +1,186 @@ +# Users +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test1 + +- name: check test1 + assert: + that: test1 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + user: user + command: 1h + register: test2 + +- name: check test2 + assert: + that: test2 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test3 + +- name: check test3 + assert: + that: test3 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + user: user2 + command: 1h + register: test4 + +- name: check test4 + assert: + that: test4 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + user: user2 + command: 1h + register: test5 + +- name: check test5 + assert: + that: test5 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test6 + +- name: check test6 + assert: + that: test6 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + user: user2 + command: 1h + register: test7 + +- name: check test7 + assert: + that: test7 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + user: user + command: 1h + register: test8 + +- name: check test8 + assert: + that: test8 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test9 + +- name: check test9 + assert: + that: test9 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency1 + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test10 + +- name: check test10 + assert: + that: test10 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + user: nobody + command: sleep 1h + register: test11 + +- name: check test11 + assert: + that: test11 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test12 + +- name: check test12 + assert: + that: test12 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test13 + +- name: check test13 + assert: + that: test13 is not changed diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_volumes.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_volumes.yml new file mode 100644 index 000000000..3fff4e34a --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_volumes.yml @@ -0,0 +1,255 @@ +# Volumes +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test1 + +- name: check test1 + assert: + that: test1 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test2 + +- name: check test2 + assert: + that: test2 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test3 + +- name: check test3 + assert: + that: test3 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + volumes: + - /opt:/somedir/ + command: 1h + register: test4 + +- name: check test4 + assert: + that: test4 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + volumes: + - /opt/://somedir/ + command: 1h + register: test5 + +- name: check test5 + assert: + that: test5 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test6 + +- name: check test6 + assert: + that: test6 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + volumes: + - /opt:/somedir + - /data + command: 1h + register: test7 + +- name: check test7 + assert: + that: test7 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + volumes: + - /data + command: 1h + register: test8 + +- name: check test8 + assert: + that: test8 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test9 + +- name: check test9 + assert: + that: test9 is not changed + +- name: Create volumes + shell: | + podman volume inspect local_volume1 || podman volume create local_volume1 + podman volume inspect local_volume2 || podman volume create local_volume2 + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + volumes: + - "/opt:/anotherdir" + - "local_volume1:/data" + register: test10 + +- name: check test10 + assert: + that: test10 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + volumes: + - "/opt//:/anotherdir" + - "local_volume1:/data/" + register: test11 + +- name: check test11 + assert: + that: test11 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + volumes: + - "/opt:/anotherdir" + - "local_volume2:/data" + register: test12 + +- name: check test12 + assert: + that: test12 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + volumes: + - "/opt:/anotherdir" + register: test13 + +- name: check test13 + assert: + that: test13 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency1 + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test14 + +- name: check test14 + assert: + that: test14 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + volumes: + - /opt:/data + command: sleep 1h + register: test15 + +- name: check test15 + assert: + that: test15 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test16 + +- name: check test16 + assert: + that: test16 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test17 + +- name: check test17 + assert: + that: test17 is not changed diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_workdir.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_workdir.yml new file mode 100644 index 000000000..ef1103188 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_workdir.yml @@ -0,0 +1,224 @@ +# Workdir +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test1 + +- name: check test1 + assert: + that: test1 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + workdir: /work + command: 1h + register: test2 + +- name: check test2 + assert: + that: test2 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test3 + +- name: check test3 + assert: + that: test3 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + workdir: /var + command: 1h + register: test4 + +- name: check test4 + assert: + that: test4 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + workdir: /var + command: 1h + register: test5 + +- name: check test5 + assert: + that: test5 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test6 + +- name: check test6 + assert: + that: test6 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + workdir: /var + command: 1h + register: test7 + +- name: check test7 + assert: + that: test7 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + workdir: /work + command: 1h + register: test8 + +- name: check test8 + assert: + that: test8 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test9 + +- name: check test9 + assert: + that: test9 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + workdir: / + command: 1h + register: test9a + +- name: check test9a + assert: + that: test9a is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + command: 1h + register: test9b + +- name: check test9b + assert: + that: test9b is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency1 + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test10 + +- name: check test10 + assert: + that: test10 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + workdir: / + command: sleep 1h + register: test11 + +- name: check test11 + assert: + that: test11 is not changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + workdir: /var + command: sleep 1h + register: test12 + +- name: check test12 + assert: + that: test12 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test13 + +- name: check test13 + assert: + that: test13 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: alpine + name: idempotency1 + state: present + command: sleep 1h + register: test14 + +- name: check test14 + assert: + that: test14 is not changed diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/main.yml new file mode 100644 index 000000000..0b538ad85 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/main.yml @@ -0,0 +1,46 @@ +--- +- name: Prepare a container + include_tasks: build_test_container.yml + +- name: Test idempotency of users + include_tasks: idem_users.yml + +- name: Test idempotency of workdir + include_tasks: idem_workdir.yml + +- name: Test idempotency of labels + include_tasks: idem_labels.yml + +- name: Test idempotency of stop signal + include_tasks: idem_stopsignal.yml + +- name: Test idempotency of ports + include_tasks: idem_ports.yml + +- name: Test idempotency of volumes + include_tasks: idem_volumes.yml + +- name: Test idempotency of containers in pods + include_tasks: idem_pods.yml + +- name: Test idempotency of other settings + include_tasks: idem_all.yml + +- name: Test idempotency for root containers + include_tasks: root-podman.yml + vars: + ansible_python_interpreter: "/usr/bin/python" + args: + apply: + become: true + +- name: Test idempotency for root network containers + include_tasks: root-podman-network.yml + vars: + ansible_python_interpreter: "/usr/bin/python" + args: + apply: + become: true + +- name: Test idempotency for rootless network containers + include_tasks: rootless-podman-network.yml diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/root-podman-network.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/root-podman-network.yml new file mode 100644 index 000000000..6d5b7bb08 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/root-podman-network.yml @@ -0,0 +1,71 @@ +- name: Test podman rootful container with networks + block: + + - name: Remove container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: netcontainer + state: absent + + - name: Create network testnet + command: podman network create testnet --subnet 10.92.92.0/24 + + - name: Create network anothernet + command: podman network create anothernet --subnet 10.72.72.0/24 + + - name: List current networks + command: podman network ls + + - name: Set test data + set_fact: + testdata: + - first_net: host + next_net: bridge + - first_net: bridge + next_net: host + - first_net: none + next_net: host + - first_net: host + next_net: none + - first_net: anothernet + next_net: testnet + - first_net: testnet + next_net: + - testnet + - anothernet + - first_net: + - testnet + - anothernet + next_net: anothernet + - first_net: + - testnet + - anothernet + next_net: bridge + - first_net: + - testnet + - anothernet + next_net: host + - first_net: host + next_net: anothernet + - first_net: bridge + next_net: + - anothernet + - testnet + + - include_tasks: idem_networks.yml + loop: "{{ testdata }}" + + - include_tasks: idem_network_aliases.yml + + always: + + - name: Delete all pods leftovers from tests + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: netcontainer + state: absent + + - name: Delete all network leftovers from tests + shell: | + podman network rm -f anothernet + podman network rm -f testnet diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/root-podman.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/root-podman.yml new file mode 100644 index 000000000..f41587367 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/root-podman.yml @@ -0,0 +1,213 @@ +--- +# Ulimits testing +- name: Make sure container doesn't exist + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: root-idempotency + state: absent + +- name: Run container as is + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: started + command: 1h + +- name: Run container as is again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: present + command: 1h + register: info_a + +- name: Check that it is not recreated + assert: + that: + - info_a is not changed + +- name: Run containers with ulimits + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: present + command: 1h + ulimit: + - 'nofile=55535:55535' + - 'memlock=-1:-1' + register: info + +- name: Check that it is recreated + assert: + that: + - info is changed + +- name: Run containers with ulimits - idempotency + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: present + command: 1h + ulimit: + - 'nofile=55535:55535' + - 'memlock=-1:-1' + register: info1 + +- name: Check that it is recreated + assert: + that: + - info1 is not changed + +- name: Run containers with changed ulimits + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: present + command: 1h + ulimit: + - 'nofile=55535:65535' + - 'memlock=-1:-1' + register: info2 + +- name: Check that it is recreated + assert: + that: + - info2 is changed + +- name: Run containers with changed ulimits - idempotency + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: present + command: 1h + ulimit: + - 'nofile=55535:65535' + - 'memlock=-1:-1' + register: info3 + +- name: Check that it is recreated + assert: + that: + - info3 is not changed + +- name: Run default container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: started + command: 1h + +- name: Run containers with MAC address + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: started + command: 1h + mac_address: 44:55:66:77:88:99 + register: info4 + +- name: Check that it is not recreated + assert: + that: + - info4 is changed + - info4.container['NetworkSettings']['MacAddress'] == '44:55:66:77:88:99' + +- name: Run containers with MAC address again - idempotency + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: present + command: 1h + mac_address: 44:55:66:77:88:99 + register: info5 + +- name: Check that it is not recreated + assert: + that: + - info5 is not changed + +- name: Run containers with MAC address changed + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: present + command: 1h + mac_address: 44:55:66:77:88:33 + register: info6 + +- name: Check that it is recreated + assert: + that: + - info6 is changed + +- name: Run again default container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: present + command: 1h + register: info7 + +- name: Check that it is recreated + assert: + that: + - info7 is not changed + +- name: Run container with publishing ports and ipv6 + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: present + command: 1h + ports: + - "4444:4444/tcp" + - "1212:5555" + - "8888:19191/udp" + - "127.0.0.1:7671:7676/udp" + - "127.0.0.3:43423:8872" + - "[::1]:34523:35425" + register: info8 + +- name: Check that it is recreated + assert: + that: + - info8 is changed + +- name: Run container with publishing ports and ipv6 again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: root-idempotency + state: present + command: 1h + ports: + - "4444:4444/tcp" + - "1212:5555" + - "8888:19191/udp" + - "127.0.0.1:7671:7676/udp" + - "127.0.0.3:43423:8872" + - "[::1]:34523:35425" + register: info9 + +- name: Check that it is recreated + assert: + that: + - info9 is not changed + +- name: Make sure container doesn't exist + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: root-idempotency + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/rootless-podman-network.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/rootless-podman-network.yml new file mode 100644 index 000000000..62dd3a5a0 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/rootless-podman-network.yml @@ -0,0 +1,229 @@ +- name: Test podman rootful container with networks + block: + + - name: Remove container rootlessnet2 + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet2 + state: absent + + - name: Remove container rootlessnet + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + state: absent + + - name: Run container with no specified networks + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: started + + - name: Run container again with no specified networks + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: present + register: info + + - name: Check info for no specified networks + assert: + that: + - info is not changed + + - name: Run container with network mode host + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: present + network: host + register: info1 + + - name: Check info with network mode host + assert: + that: + - info1 is changed + + - name: Run container with network mode host again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: present + network: host + register: info2 + + - name: Check info with network mode host again + assert: + that: + - info2 is not changed + + - name: Run container without network at all + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: present + network: none + register: info3 + + - name: Check info without network at all + assert: + that: + - info3 is changed + + - name: Run container without network at all again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: present + network: none + register: info4 + + - name: Check info without network at all again + assert: + that: + - info4 is not changed + + - name: Run container with default network mode + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: present + register: info5 + + - name: Check info with default network mode + assert: + that: + - info5 is changed + + - name: Run container with slirp4netns options + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: present + network: + - slirp4netns:allow_host_loopback=true,cidr=10.0.3.0/24 + register: info6 + + - name: Check info with slirp4netns options + assert: + that: + - info6 is changed + + - name: Run container with slirp4netns options - again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: present + network: + - slirp4netns:allow_host_loopback=true,cidr=10.0.3.0/24 + register: info7 + + - name: Check info with slirp4netns options - again + assert: + that: + - info7 is not changed + + - name: Run container with different slirp4netns options + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: present + network: + - slirp4netns:allow_host_loopback=true,cidr=10.0.4.0/24 + register: info8 + + - name: Check info with different slirp4netns options + assert: + that: + - info8 is changed + + - name: Run container without options + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: present + register: info9 + + - name: Check info without options + assert: + that: + - info9 is changed + + - name: Run container without options - again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + image: "{{ idem_image }}" + command: 1h + state: present + register: info10 + + - name: Check info without options - again + assert: + that: + - info10 is not changed + + - name: Run container network attached to first one + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet2 + image: "{{ idem_image }}" + command: 1h + state: started + network: 'container:rootlessnet' + register: info11 + + - name: Check info container network attached to first one + assert: + that: + - info11 is changed + + - name: Run container network attached to first one - again + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet2 + image: "{{ idem_image }}" + command: 1h + state: started + network: 'container:rootlessnet' + register: info12 + + - name: Check info container network attached to first one - again + assert: + that: + - info12 is not changed + always: + + - name: Delete all containers leftovers from tests + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet2 + state: absent + + - name: Delete all containers leftovers from tests 2 + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: rootlessnet + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_info/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_info/tasks/main.yml new file mode 100644 index 000000000..d62bf8f1b --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_info/tasks/main.yml @@ -0,0 +1,101 @@ +- name: Test podman_container_info + block: + + - name: Generate random value for container name + set_fact: + container_name: "{{ 'ansible-test-podman-%0x' % ((2**32) | random) }}" + + - name: Make sure container doesn't exist + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: "{{ container_name }}" + state: absent + + - name: Get missing container info + containers.podman.podman_container_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ container_name }}" + register: nonexist + + - name: Check results of missing container info + assert: + that: + - "'containers' in nonexist" + - nonexist is succeeded + - nonexist.containers == [] + + - name: Get missing multiple container info + containers.podman.podman_container_info: + executable: "{{ test_executable | default('podman') }}" + name: + - "{{ container_name }}" + - neverexist + - whatever + register: nonexist2 + ignore_errors: true + + - name: Check results of missing multiple container info + assert: + that: + - "'containers' in nonexist2" + - nonexist2 is succeeded + - nonexist2.containers == [] + + - name: Make sure container exists + command: podman container run -d --name {{ container_name }} alpine sleep 15m + + - name: Get existing container info + containers.podman.podman_container_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ container_name }}" + register: existing_container + + - name: Get mixed existing and non-existing container info + containers.podman.podman_container_info: + executable: "{{ test_executable | default('podman') }}" + name: + - "{{ container_name }}" + - whatever + register: mixed_existing_container + + - name: Get all containers info + containers.podman.podman_container_info: + executable: "{{ test_executable | default('podman') }}" + register: all_containers + + - name: Dump podman container inspect result + debug: var=existing_container + + - name: Comparison with 'podman container inspect' + command: podman container inspect "{{ container_name }}" + register: podman_inspect + + - name: Convert podman inspect output to JSON + set_fact: + podman_inspect_result: "{{ podman_inspect.stdout | from_json }}" + + - name: Cleanup + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: "{{ container_name }}" + state: absent + + - name: Make checks + # https://github.com/containers/podman/issues/9490 + assert: + that: + - "'containers' in existing_container" + - existing_container.containers + # - "existing_container.containers == podman_inspect_result" + # - all_containers.containers == existing_container.containers + - "'containers' in mixed_existing_container" + - mixed_existing_container.containers + # - existing_container.containers == mixed_existing_container.containers + + always: + + - name: Cleanup + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: "{{ container_name }}" + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/main.yml new file mode 100644 index 000000000..69c94b313 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/main.yml @@ -0,0 +1,725 @@ +- name: Test multiple podman_containers + block: + - name: Delete all containers leftovers from tests + containers.podman.podman_containers: + containers: + - name: "alpine:3.7" + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: "container" + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: "container1" + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: "container2" + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: "container3" + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: "container4" + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: "testidem" + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: "testidem1" + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: "testidem2" + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: "testidem3" + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: "testidem-pod" + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: "testidem-pod2" + state: absent + executable: "{{ test_executable | default('podman') }}" + + - name: Test no image with default action + containers.podman.podman_containers: + containers: + - name: "container" + executable: "{{ test_executable | default('podman') }}" + - name: "container2" + executable: "{{ test_executable | default('podman') }}" + - name: "container3" + executable: "{{ test_executable | default('podman') }}" + image: alpine + ignore_errors: true + register: no_image + + - name: Test no image with state 'started' + containers.podman.podman_containers: + containers: + - name: "container" + state: started + executable: "{{ test_executable | default('podman') }}" + - name: "container2" + state: started + executable: "{{ test_executable | default('podman') }}" + ignore_errors: true + register: no_image1 + + - name: Test no image with state 'present' + containers.podman.podman_containers: + containers: + - name: "container" + state: present + executable: "{{ test_executable | default('podman') }}" + - name: "container2" + state: present + executable: "{{ test_executable | default('podman') }}" + - name: "container3" + state: present + image: alpine + executable: "{{ test_executable | default('podman') }}" + ignore_errors: true + register: no_image2 + + - name: Check no image + assert: + that: + - no_image is failed + - no_image1 is failed + - no_image2 is failed + - no_image.msg is search("State 'started' required image to be configured!") + - no_image1.msg is search ("State 'started' required image to be configured!") + - no_image2.msg is search("State 'present' required image to be configured!") + fail_msg: No-image test failed! + success_msg: No-image test passed! + + - name: Ensure image doesn't exist + containers.podman.podman_image: + name: alpine:3.7 + state: absent + executable: "{{ test_executable | default('podman') }}" + + - name: Check pulling image + containers.podman.podman_containers: + containers: + - name: container + image: alpine:3.7 + state: started + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + - name: container1 + image: alpine:3.7 + state: started + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + register: image + + - name: Check using already pulled image + containers.podman.podman_containers: + containers: + - name: container1 + image: alpine:3.7 + state: started + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + - name: container3 + image: alpine:3.7 + state: started + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + register: image2 + + - name: Check output is correct + assert: + that: + - image is changed + - image.containers[0] is defined + - image.containers[0]['State']['Running'] + - image.containers[1] is defined + - image.containers[1]['State']['Running'] + - "'pulled image alpine:3.7' in image.actions" + - "'started container' in image.actions" + - "'started container1' in image.actions" + - image2 is changed + - image2.containers is defined + - image2.containers[0]['State']['Running'] + - image2.containers[1]['State']['Running'] + - "'pulled image alpine:3.7' not in image2.actions" + - "'started container3' in image2.actions" + fail_msg: Pulling image test failed! + success_msg: Pulling image test passed! + + - name: Check failed image pull + containers.podman.podman_containers: + containers: + - name: container1 + image: alpine:3.7 + state: started + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + - name: container + image: ineverneverneverexist + state: started + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + register: imagefail + ignore_errors: true + + - name: Check output is correct + assert: + that: + - imagefail is failed + - imagefail.msg == "Can't pull image ineverneverneverexist" + + - name: Force containers recreate + containers.podman.podman_containers: + containers: + - name: container1 + image: alpine:3.7 + state: present + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + - name: container + image: alpine + state: present + command: sleep 1d + recreate: true + executable: "{{ test_executable | default('podman') }}" + register: recreated + + - name: Check output is correct + assert: + that: + - recreated is changed + - recreated.containers is defined + - recreated.containers[1]['State']['Running'] + - "'recreated container' in recreated.actions" + fail_msg: Force recreate test failed! + success_msg: Force recreate test passed! + + - name: Stop containers + containers.podman.podman_containers: + containers: + - name: container + state: stopped + executable: "{{ test_executable | default('podman') }}" + - name: container1 + state: stopped + executable: "{{ test_executable | default('podman') }}" + register: stopped + + - name: Stop the same containers again (idempotency) + containers.podman.podman_containers: + containers: + - name: container + state: stopped + executable: "{{ test_executable | default('podman') }}" + - name: container1 + state: stopped + executable: "{{ test_executable | default('podman') }}" + register: stopped_again + + - name: Check output is correct + assert: + that: + - stopped is changed + - stopped.containers is defined + - not stopped.containers[0]['State']['Running'] + - not stopped.containers[1]['State']['Running'] + - "'stopped container' in stopped.actions" + - stopped_again is not changed + - stopped_again.containers is defined + - not stopped_again.containers[0]['State']['Running'] + - not stopped_again.containers[1]['State']['Running'] + - stopped_again.actions == [] + fail_msg: Stopping container test failed! + success_msg: Stopping container test passed! + + - name: Delete stopped containers + containers.podman.podman_containers: + containers: + - name: container + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: container1 + state: absent + executable: "{{ test_executable | default('podman') }}" + register: deleted + + - name: Delete again containers (idempotency) + containers.podman.podman_containers: + containers: + - name: container + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: container1 + state: absent + executable: "{{ test_executable | default('podman') }}" + register: deleted_again + + - name: Check output is correct + assert: + that: + - deleted is changed + - deleted.containers is defined + - deleted.containers == [] + - "'deleted container' in deleted.actions" + - "'deleted container1' in deleted.actions" + - deleted_again is not changed + - deleted_again.containers is defined + - deleted_again.containers == [] + - deleted_again.actions == [] + fail_msg: Deleting stopped container test failed! + success_msg: Deleting stopped container test passed! + + - name: Create containers, but don't run + containers.podman.podman_containers: + containers: + - name: container + image: alpine:3.7 + state: stopped + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + - name: container1 + image: alpine:3.7 + state: created + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + register: created + + - name: Create containers, but don't run again + containers.podman.podman_containers: + containers: + - name: container + image: alpine:3.7 + state: stopped + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + - name: container1 + image: alpine:3.7 + state: created + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + register: created_again + + - name: Check output is correct + assert: + that: + - created is changed + - created.containers is defined + - created.containers != [] + - not created.containers[0]['State']['Running'] + - not created.containers[1]['State']['Running'] + - "'created container' in created.actions" + fail_msg: "Creating stopped container test failed!" + success_msg: "Creating stopped container test passed!" + + - name: Delete created containers + containers.podman.podman_containers: + containers: + - name: container + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: container1 + state: absent + executable: "{{ test_executable | default('podman') }}" + + - name: Start containers that were deleted + containers.podman.podman_containers: + containers: + - name: container + image: alpine:3.7 + state: started + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + - name: container1 + image: alpine:3.7 + state: started + command: sleep 1d + executable: "{{ test_executable | default('podman') }}" + register: started + + - name: Check output is correct + assert: + that: + - started.containers is defined + - started.containers[0]['State']['Running'] + - started.containers[1]['State']['Running'] + - "'started container' in started.actions" + - "'pulled image alpine:3.7' not in started.actions" + + - name: Delete started container + containers.podman.podman_containers: + containers: + - name: container + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: container1 + state: absent + executable: "{{ test_executable | default('podman') }}" + register: deleted + + - name: Delete again container (idempotency) + containers.podman.podman_containers: + containers: + - name: container + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: container1 + state: absent + executable: "{{ test_executable | default('podman') }}" + register: deleted_again + + - name: Check output is correct + assert: + that: + - deleted is changed + - deleted.containers is defined + - deleted.containers == [] + - "'deleted container' in deleted.actions" + - "'deleted container1' in deleted.actions" + - deleted_again is not changed + - deleted_again.containers is defined + - deleted_again.containers == [] + - deleted_again.actions == [] + fail_msg: Deleting started container test failed! + success_msg: Deleting started container test passed! + + - name: Recreate container with parameters + containers.podman.podman_containers: + containers: + - name: container + executable: "{{ test_executable | default('podman') }}" + image: docker.io/alpine:3.7 + state: started + command: sleep 1d + recreate: true + etc_hosts: + host1: 127.0.0.1 + host2: 127.0.0.1 + annotation: + this: "annotation_value" + dns_servers: + - 1.1.1.1 + - 8.8.4.4 + dns_search_domains: example.com + capabilities: + - SYS_TIME + - NET_ADMIN + ports: + - "9000:80" + - "9001:8000" + workdir: "/bin" + env: + FOO: bar=1 + BAR: foo + TEST: 1 + BOOL: false + label: + somelabel: labelvalue + otheralbe: othervalue + volumes: + - /tmp:/data + - name: container1 + executable: "{{ test_executable | default('podman') }}" + image: docker.io/alpine:3.7 + state: started + command: sleep 1d + recreate: true + etc_hosts: + host1: 127.0.0.1 + host2: 127.0.0.1 + annotation: + this: "annotation_value" + dns_servers: + - 1.1.1.1 + - 8.8.4.4 + dns_search_domains: example.com + capabilities: + - SYS_TIME + - NET_ADMIN + ports: + - "9002:80" + - "9003:8000" + workdir: "/bin" + env: + FOO: bar=1 + BAR: foo + TEST: 1 + BOOL: false + label: + somelabel: labelvalue + otheralbe: othervalue + volumes: + - /tmp:/data + register: test + + - name: Check output is correct + assert: + that: + - test is changed + - test.containers is defined + - test.containers != [] + - test.containers[0]['State']['Running'] + # test capabilities + - "'CAP_SYS_TIME' in test.containers[0]['BoundingCaps']" + - "'CAP_NET_ADMIN' in test.containers[0]['BoundingCaps']" + # test annotations + - test.containers[0]['Config']['Annotations']['this'] is defined + - test.containers[0]['Config']['Annotations']['this'] == "annotation_value" + # test DNS + - >- + (test.containers[0]['HostConfig']['Dns'] is defined and + test.containers[0]['HostConfig']['Dns'] == ['1.1.1.1', '8.8.4.4']) or + (test.containers[0]['HostConfig']['DNS'] is defined and + test.containers[0]['HostConfig']['DNS'] == ['1.1.1.1', '8.8.4.4']) + # test ports + - test.containers[0]['NetworkSettings']['Ports']|length == 2 + # test working dir + - test.containers[0]['Config']['WorkingDir'] == "/bin" + # test dns search + - >- + (test.containers[0]['HostConfig']['DnsSearch'] is defined and + test.containers[0]['HostConfig']['DnsSearch'] == ['example.com']) or + (test.containers[0]['HostConfig']['DNSSearch'] is defined and + test.containers[0]['HostConfig']['DNSSearch'] == ['example.com']) + # test environment variables + - "'FOO=bar=1' in test.containers[0]['Config']['Env']" + - "'BAR=foo' in test.containers[0]['Config']['Env']" + - "'TEST=1' in test.containers[0]['Config']['Env']" + - "'BOOL=False' in test.containers[0]['Config']['Env']" + # test labels + - test.containers[0]['Config']['Labels'] | length == 2 + - test.containers[0]['Config']['Labels']['somelabel'] == "labelvalue" + - test.containers[0]['Config']['Labels']['otheralbe'] == "othervalue" + # test mounts + - >- + (test.containers[0]['Mounts'][0]['Destination'] is defined and + '/data' in test.containers[0]['Mounts'] | map(attribute='Destination') | list) or + (test.containers[0]['Mounts'][0]['destination'] is defined and + '/data' in test.containers[0]['Mounts'] | map(attribute='destination') | list) + - >- + (test.containers[0]['Mounts'][0]['Source'] is defined and + '/tmp' in test.containers[0]['Mounts'] | map(attribute='Source') | list) or + (test.containers[0]['Mounts'][0]['source'] is defined and + '/tmp' in test.containers[0]['Mounts'] | map(attribute='source') | list) + fail_msg: Parameters container test failed! + success_msg: Parameters container test passed! + + - name: Check basic idempotency of running container + containers.podman.podman_containers: + containers: + - name: testidem + image: docker.io/alpine + state: started + command: sleep 20m + executable: "{{ test_executable | default('podman') }}" + - name: testidem2 + image: docker.io/alpine + state: started + command: sleep 21m + executable: "{{ test_executable | default('podman') }}" + - name: testidem3 + image: docker.io/alpine + state: started + command: sleep 22m + executable: "{{ test_executable | default('podman') }}" + + - name: Check basic idempotency of running container - run it again + containers.podman.podman_containers: + containers: + - name: testidem + image: docker.io/alpine + state: present + command: sleep 20m + executable: "{{ test_executable | default('podman') }}" + - name: testidem2 + image: docker.io/alpine + state: present + command: sleep 21m + executable: "{{ test_executable | default('podman') }}" + - name: testidem3 + image: docker.io/alpine + state: present + command: sleep 22m + executable: "{{ test_executable | default('podman') }}" + register: idem + + - name: Check that nothing was changed + assert: + that: + - not idem.changed + + - name: Run changed container (with tty enabled) + containers.podman.podman_containers: + containers: + - name: testidem + image: docker.io/alpine + state: present + command: sleep 20m + tty: true + executable: "{{ test_executable | default('podman') }}" + - name: testidem2 + image: docker.io/alpine + state: present + command: sleep 21m + executable: "{{ test_executable | default('podman') }}" + - name: testidem3 + image: docker.io/alpine + state: present + command: sleep 22m + executable: "{{ test_executable | default('podman') }}" + register: idem1 + + - name: Check that container is recreated when changed + assert: + that: + - idem1 is changed + + - name: Run changed container without specifying an option, use defaults + containers.podman.podman_containers: + containers: + - name: testidem + image: docker.io/alpine + state: present + command: sleep 20m + executable: "{{ test_executable | default('podman') }}" + - name: testidem2 + image: docker.io/alpine + state: present + command: sleep 21m + executable: "{{ test_executable | default('podman') }}" + - name: testidem3 + image: docker.io/alpine + state: present + command: sleep 22m + executable: "{{ test_executable | default('podman') }}" + register: idem2 + + - name: Check that container is recreated when changed to default value + assert: + that: + - idem2 is changed + + - name: Remove container + containers.podman.podman_containers: + containers: + - name: testidem + state: absent + executable: "{{ test_executable | default('podman') }}" + register: remove + + - name: Check podman_actions + assert: + that: + - "'podman rm -f testidem' in remove.podman_actions" + + - name: Create a pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: testidempod + + - name: Check basic idempotency of pod container + containers.podman.podman_containers: + containers: + - name: testidem-pod + image: docker.io/alpine + state: present + command: sleep 20m + pod: "testidempod" + executable: "{{ test_executable | default('podman') }}" + - name: testidem-pod2 + image: docker.io/alpine + state: present + command: sleep 20m + pod: testidempod + executable: "{{ test_executable | default('podman') }}" + + - name: Check basic idempotency of pod container - run it again + containers.podman.podman_containers: + containers: + - name: testidem-pod + image: alpine:latest + state: present + command: sleep 20m + pod: testidempod + executable: "{{ test_executable | default('podman') }}" + - name: testidem-pod2 + image: docker.io/alpine + state: present + command: sleep 20m + pod: testidempod + executable: "{{ test_executable | default('podman') }}" + register: idem + + - name: Check that nothing was changed in pod containers + assert: + that: + - not idem.changed + + - name: Run changed pod container (with tty enabled) + containers.podman.podman_containers: + containers: + - name: testidem-pod + image: alpine + state: present + command: sleep 20m + tty: true + pod: testidempod + executable: "{{ test_executable | default('podman') }}" + - name: testidem-pod2 + image: alpine + state: present + command: sleep 20m + pod: testidempod + executable: "{{ test_executable | default('podman') }}" + register: idem1 + + - name: Check that container is recreated when changed + assert: + that: + - idem1 is changed + + - name: Remove container + containers.podman.podman_containers: + containers: + - name: testidem-pod + state: absent + executable: "{{ test_executable | default('podman') }}" + - name: testidem-pod2 + state: absent + executable: "{{ test_executable | default('podman') }}" + + always: + - name: Delete all container leftovers from tests + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - "alpine:3.7" + - "container" + - "container1" + - "container2" + - "container3" + - "container4" + - "testidem" + - "testidem1" + - "testidem2" + - "testidem3" + - "testidem-pod" + - "testidem-pod2" + + - name: Remove pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: testidempod + state: absent + +- name: Test containers module for root + include_tasks: root-multi.yml + vars: + ansible_python_interpreter: "/usr/bin/python" + args: + apply: + become: true diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/root-multi.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/root-multi.yml new file mode 100644 index 000000000..d61c4e584 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/root-multi.yml @@ -0,0 +1,115 @@ +--- +- name: Test podman rootful pod play + block: + + - name: Create networks + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: present + loop: + - testnet1 + - testnet2 + + - name: Create container with parameters + register: continfo + containers.podman.podman_containers: + containers: + - name: cont1 + executable: "{{ test_executable | default('podman') }}" + image: docker.io/alpine:3.7 + state: started + command: sleep 1d + debug: true + network: testnet1 + add_hosts: + host1: 127.0.0.1 + host2: 127.0.0.1 + annotation: + this: "annotation_value" + dns_servers: + - 1.1.1.1 + - 8.8.4.4 + dns_search_domains: example.com + capabilities: + - SYS_TIME + - NET_ADMIN + ports: + - "9000:80" + - "9001:8000" + workdir: "/bin" + env: + FOO: bar=1 + BAR: foo + TEST: 1 + BOOL: false + label: + somelabel: labelvalue + otheralbe: othervalue + volumes: + - /tmp:/data + interactive: true + - name: cont2 + executable: "{{ test_executable | default('podman') }}" + image: docker.io/alpine:3.7 + state: started + command: sleep 1d + recreate: true + network: + - testnet2 + - testnet1 + etc_hosts: + host1: 127.0.0.1 + host2: 127.0.0.1 + annotation: + this: "annotation_value" + dns_servers: + - 1.1.1.1 + - 8.8.4.4 + dns_search_domains: example.com + capabilities: + - SYS_TIME + - NET_ADMIN + ports: + - "9002:80" + - "9003:8000" + workdir: "/bin" + env: + FOO: bar=1 + BAR: foo + TEST: 1 + BOOL: false + label: + somelabel: labelvalue + otheralbe: othervalue + volumes: + - /tmp:/data + interactive: false + + - name: Check multiple root containers + assert: + that: + - continfo.containers[0]['NetworkSettings']['Networks'].keys() | list == ['testnet1'] + - continfo.containers[1]['NetworkSettings']['Networks'].keys() | list == ['testnet1', 'testnet2'] or + continfo.containers[1]['NetworkSettings']['Networks'].keys() | list == ['testnet2', 'testnet1'] + + always: + + - name: Delete all containers leftovers from tests + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - cont1 + - cont2 + - cont3 + + - name: Delete all networks leftovers from tests + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - testnet1 + - testnet2 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_export/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_export/tasks/main.yml new file mode 100644 index 000000000..70f8d3852 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_export/tasks/main.yml @@ -0,0 +1,71 @@ +--- +- name: Test podman export + block: + - name: Start container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine:3.7 + state: started + command: sleep 1d + + - name: Export container + containers.podman.podman_export: + executable: "{{ test_executable | default('podman') }}" + container: container + dest: /tmp/container + + - name: Check file + stat: + path: /tmp/container + register: img + + - name: Check it's exported + assert: + that: + - img.stat.exists + + - name: Import container + containers.podman.podman_import: + executable: "{{ test_executable | default('podman') }}" + src: /tmp/container + register: image + + - name: Check it's imported + assert: + that: + - image is success + + - name: Export container without force + containers.podman.podman_export: + executable: "{{ test_executable | default('podman') }}" + container: container + dest: /tmp/container + force: false + register: image2 + + - name: Check it's exported + assert: + that: + - image2 is success + - image2 is not changed + + - name: Export container with force + containers.podman.podman_export: + executable: "{{ test_executable | default('podman') }}" + container: container + dest: /tmp/container + force: true + register: image3 + + - name: Check it's not exported + assert: + that: + - image3 is changed + + always: + - name: Remove container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_generate_systemd/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_generate_systemd/tasks/main.yml new file mode 100644 index 000000000..6b0d18cb2 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_generate_systemd/tasks/main.yml @@ -0,0 +1,94 @@ +- name: A postgres container must exist, stopped + containers.podman.podman_container: + name: postgres_local + image: docker.io/library/postgres:latest + state: stopped + +- name: Generate the systemd units as Ansible variables + containers.podman.podman_generate_systemd: + name: postgres_local + register: postgres_local_systemd_unit + ignore_errors: true + +- name: Check systemd unit are generated + assert: + that: + - postgres_local_systemd_unit is succeeded + +- name: Check systemd unit exist in registered vars + assert: + that: + - item.key == "container-postgres_local" + - item.value != None + loop: "{{ postgres_local_systemd_unit.systemd_units | dict2items }}" + +- name: Check podman command used to generate systemd units is returned + assert: + that: + - postgres_local_systemd_unit.podman_command != "" + +- name: Regenerate the systemd units and write them + containers.podman.podman_generate_systemd: + name: postgres_local + dest: /tmp/podman_generate_systemd + register: postgres_local_systemd_unit + ignore_errors: true + +- name: Check the unit files exists + ansible.builtin.stat: + path: "/tmp/podman_generate_systemd/{{ item.key }}.service" + loop: "{{ postgres_local_systemd_unit.systemd_units | dict2items }}" + +- name: Regenerate the systemd units with all the options + containers.podman.podman_generate_systemd: + name: postgres_local + new: true + restart_policy: on-abnormal + restart_sec: 19 + start_timeout: 21 + stop_timeout: 23 + env: + POSTGRES_USER: my_app + POSTGRES_PASSWORD: example + use_names: true + container_prefix: more + pod_prefix: less + separator: + + no_header: true + after: drink.service + wants: water.service + requires: ice.service + executable: /usr/bin/podman + register: postgres_local_systemd_unit + ignore_errors: true + +- name: Check the correct podman command is build + assert: + that: + - postgres_local_systemd_unit.podman_command is search("postgres_local") + - postgres_local_systemd_unit.podman_command is search("--new") + - postgres_local_systemd_unit.podman_command is search("--restart-policy=on-abnormal") + - postgres_local_systemd_unit.podman_command is search("--restart-sec=19") + - postgres_local_systemd_unit.podman_command is search("--start-timeout=21") + - postgres_local_systemd_unit.podman_command is search("--stop-timeout=23") + - postgres_local_systemd_unit.podman_command is search("-e='POSTGRES_USER=my_app'") + - postgres_local_systemd_unit.podman_command is search("-e='POSTGRES_PASSWORD=example'") + - postgres_local_systemd_unit.podman_command is search("--name") + - postgres_local_systemd_unit.podman_command is search("--container-prefix=more") + - postgres_local_systemd_unit.podman_command is search("--pod-prefix=less") + - postgres_local_systemd_unit.podman_command is search("--separator=+") + - postgres_local_systemd_unit.podman_command is search("--no-header") + - postgres_local_systemd_unit.podman_command is search("--after=drink.service") + - postgres_local_systemd_unit.podman_command is search("--wants=water.service") + - postgres_local_systemd_unit.podman_command is search("--requires=ice.service") + - postgres_local_systemd_unit.podman_command is search("/usr/bin/podman") + +- name: Remove container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: postgres_local + state: absent +- name: Remove the systemd unit files directory + ansible.builtin.file: + path: /tmp/podman_generate_systemd + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_image/files/Containerfile b/ansible_collections/containers/podman/tests/integration/targets/podman_image/files/Containerfile new file mode 100644 index 000000000..d4bd8edb9 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_image/files/Containerfile @@ -0,0 +1,3 @@ +FROM quay.io/coreos/alpine-sh +ENV VAR testing +WORKDIR ${VAR} diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_image/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_image/tasks/main.yml new file mode 100644 index 000000000..645d0a033 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_image/tasks/main.yml @@ -0,0 +1,331 @@ +- name: Test podman_image + block: + - name: Pull image + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: quay.io/coreos/alpine-sh + register: pull1 + + - name: Pull image again + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: quay.io/coreos/alpine-sh + register: pull2 + + - name: Pull image from docker.io with short url + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/alpine + register: pull3 + + - name: Pull image from docker.io with short url again + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/alpine + register: pull4 + + - name: Pull image from docker.io with official/normalised url again + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/library/alpine + register: pull5 + + - name: Pull image for testing image deletion with image id + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/library/ubuntu + register: pull6 + + - name: List images + command: podman image ls + register: images + + - name: Ensure image were pulled properly + assert: + that: + - pull1 is changed + - pull1.podman_actions is defined + - pull2 is not changed + - pull3 is changed + - pull4 is changed + - pull5 is not changed + - pull6 is changed + - "'alpine-sh' in images.stdout" + - "'library/alpine' in images.stdout" + - "'library/ubuntu' in images.stdout" + + - name: add another tag (repository url) + command: + argv: + - podman + - tag + - quay.io/coreos/alpine-sh + - quay.io/coreos/library/alpine-sh + + - name: Remove image (tag) + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: quay.io/coreos/alpine-sh + state: absent + register: rmi1 + + - name: Remove image again + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: quay.io/coreos/alpine-sh + state: absent + register: rmi2 + + - name: Remove image using new repository url + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: quay.io/coreos/library/alpine-sh + state: absent + register: rmi3 + + - name: Try to remove docker.io image using short url + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/alpine + state: absent + register: rmi4 + + - name: Remove docker.io image using normalised url + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/library/alpine + state: absent + register: rmi5 + + - name: Get image id of the target image + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/library/ubuntu + register: imageinfo + + - name: Remove an image with image id + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item.Id }}" + state: absent + loop: "{{ imageinfo.images }}" + register: rmi6 + + - name: List images + command: podman image ls + register: images + + - name: Ensure image were removed properly + assert: + that: + - rmi1 is changed + - rmi2 is not changed + - rmi3 is changed + - rmi4 is not changed + - rmi5 is changed + - rmi6 is changed + - "'alpine-sh' not in images.stdout" + - "'library/ubuntu' not in images.stdout" + + - name: Pull a specific version of an image + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: quay.io/coreos/etcd + tag: v3.3.11 + register: specific_image1 + + - name: Pull a specific version of an image again + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: quay.io/coreos/etcd + tag: v3.3.11 + register: specific_image2 + + - name: List images + command: podman image ls + register: images + + - name: Ensure specific image was pulled properly + assert: + that: + - specific_image1 is changed + - specific_image2 is not changed + - "'v3.3.11' in images.stdout" + + - name: Get info about pulled image + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + name: quay.io/coreos/etcd:v3.3.11 + register: sha_image_info + + - name: Pull image with SHA256 tag + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: "quay.io/coreos/etcd@{{ sha_image_info.images.0.Digest }}" #quay.io/coreos/coreos-installer:latest + state: present + + - name: Create a build directory with a subdirectory + file: + path: /var/tmp/build/subdir + state: directory + + - name: Copy Containerfile + copy: + src: Containerfile + dest: /var/tmp/build/Dockerfile + + - name: Build OCI image + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: testimage + path: /var/tmp/build + register: oci_build1 + + - name: Build OCI image again + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: testimage + path: /var/tmp/build + register: oci_build2 + + - name: Build OCI image from a directory without Containerfile (should fail) + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: testimage2 + path: /var/tmp/build/subdir + register: oci_build3 + ignore_errors: true + + - name: Build OCI image, point to location of Containerfile + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: testimage2 + path: /var/tmp/build/subdir + build: + file: /var/tmp/build/Dockerfile + register: oci_build4 + + - name: Inspect first image + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + name: testimage + register: testimage_info + + - name: Inspect second image + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + name: testimage2 + register: testimage2_info + + - name: Ensure OCI images were built properly + assert: + that: + - oci_build1 is changed + - oci_build2 is not changed + - oci_build3 is not changed + - oci_build3 is failed + - oci_build4 is changed + - "'localhost/testimage:latest' in testimage_info.images[0]['RepoTags'][0]" + - "'localhost/testimage2:latest' in testimage2_info.images[0]['RepoTags'][0]" + - "'no such file or directory' in oci_build3.msg" + + - name: Build Docker image + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: dockerimage + path: /var/tmp/build + build: + format: docker + register: docker_build1 + + - name: Build Docker image again + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: dockerimage + path: /var/tmp/build + build: + format: docker + register: docker_build2 + + - name: Inspect built image + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + name: dockerimage + register: dockerimage_info + + - name: Ensure Docker image was built properly + assert: + that: + - docker_build1 is changed + - docker_build2 is not changed + - "'localhost/dockerimage:latest' in dockerimage_info.images[0]['RepoTags'][0]" + + - name: push image that doesn't exit to nowhere + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: bad_image + pull: false + push: true + register: bad_push + ignore_errors: true + + - name: Ensure that Image failed correctly. + assert: + that: + - "bad_push is failed" + - "bad_push is not changed" + - "'Failed to find image bad_image' in bad_push.msg" + - "'image pull set to False' in bad_push.msg" + + - name: Pull an image for a specific CPU architecture + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/library/ubuntu + arch: amd64 + register: pull_arch1 + + - name: Pull the same image for the same CPU architecture + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/library/ubuntu + arch: amd64 + register: pull_arch2 + + - name: Pull the same image but for another CPU architecture + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/library/ubuntu + arch: arm + register: pull_arch3 + + - name: Ensure the result of pulling image for another CPU architecture + assert: + that: + - "pull_arch2 is not changed" + - "pull_arch3 is changed" + + - name: Get the image info + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/library/ubuntu + register: imageinfo_arch + + - name: Ensure the CPU architecture of the image is as expected + assert: + that: + - item.Architecture == "arm" + loop: "{{ imageinfo_arch.images }}" + + always: + - name: Cleanup images + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - docker.io/library/ubuntu + - quay.io/coreos/alpine-sh + - quay.io/coreos/etcd:v3.3.11 + - localhost/testimage + - localhost/testimage2 + - localhost/dockerimage diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_image_info/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_image_info/tasks/main.yml new file mode 100644 index 000000000..105ffcd1f --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_image_info/tasks/main.yml @@ -0,0 +1,66 @@ +- name: Test podman_image_info + block: + + - name: Get info on images when no images + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + register: info_0 + + - name: Check results for no images + assert: + that: + - info_0.images | length == 0 + + - name: Pull image + command: podman pull quay.io/coreos/etcd + + - name: Get info on all images + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + register: all_image_result + + - name: Pull another image + command: podman pull quay.io/coreos/dnsmasq + + - name: Get info on specific image + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + name: dnsmasq + register: named_image_result + + - name: Check results + assert: + that: + - all_image_result.images | length > 0 + - named_image_result.images | length == 1 + - "'dnsmasq' in named_image_result.images[0]['RepoTags'][0]" + + - name: Get info on single image that does not exist + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + name: nope + register: single_nonexistant + + - name: Get info on multiple images that do not exist + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + name: + - nope + - reallynope + register: multiple_nonexistant + + - name: Get info with one image that does not exist + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + name: + - dnsmasq + - nope + - etcd + register: mixed_nonexistant + + - name: Ensure image info was returned when non-existant image info was requisted + assert: + that: + - single_nonexistant.images | length == 0 + - multiple_nonexistant.images | length == 0 + - mixed_nonexistant.images | length == 2 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_import/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_import/tasks/main.yml new file mode 100644 index 000000000..db8254e87 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_import/tasks/main.yml @@ -0,0 +1,72 @@ +--- +- name: Test podman import + block: + - name: Start container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine:3.7 + state: started + command: sleep 1d + + - name: Export container + containers.podman.podman_export: + executable: "{{ test_executable | default('podman') }}" + container: container + dest: /tmp/container + + - name: Check file + stat: + path: /tmp/container + register: img + + - name: Check it's saved + assert: + that: + - img.stat.exists + + - name: Import container + containers.podman.podman_import: + executable: "{{ test_executable | default('podman') }}" + src: /tmp/container + register: test + + - name: Check it's imported + assert: + that: + - test is success + - test.image["Id"] != '' + + - name: Import container with commit message + containers.podman.podman_import: + executable: "{{ test_executable | default('podman') }}" + src: /tmp/container + commit_message: 'Test in CI' + register: test1 + + - name: Check it's imported with commit message + assert: + that: + - test1.image.Comment == "Test in CI" + + - name: Import container with changes + containers.podman.podman_import: + executable: "{{ test_executable | default('podman') }}" + src: /tmp/container + change: + - "User": "someuser" + - "CMD": "/bin/nonsh" + register: test2 + + - name: Check it's imported with changes + assert: + that: + - test2.image.User == 'someuser' + - test2.image["Config"]["Cmd"][2] == "/bin/nonsh" + + always: + - name: Remove container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_load/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_load/tasks/main.yml new file mode 100644 index 000000000..087a869a7 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_load/tasks/main.yml @@ -0,0 +1,91 @@ +--- +- name: Pull image + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: k8s.gcr.io/pause + +- name: Save image + containers.podman.podman_save: + executable: "{{ test_executable | default('podman') }}" + image: k8s.gcr.io/pause + dest: /tmp/image.tar + +- name: Load image + containers.podman.podman_load: + executable: "{{ test_executable | default('podman') }}" + input: /tmp/image.tar + register: image + +- name: Check it's loaded + assert: + that: + - image.image != {} + - image.image.NamesHistory.0 == "k8s.gcr.io/pause:latest" + +- name: Save image + containers.podman.podman_save: + executable: "{{ test_executable | default('podman') }}" + image: k8s.gcr.io/pause + dest: /tmp/imagedir + format: oci-dir + +- name: Load image from oci-dir + containers.podman.podman_load: + executable: "{{ test_executable | default('podman') }}" + input: /tmp/imagedir + register: image + +- name: Check it's loaded + assert: + that: + - image.image != {} + - image.image.NamesHistory.0 == "localhost/tmp/imagedir:latest" + +- name: Save image with multi image archive + containers.podman.podman_save: + executable: "{{ test_executable | default('podman') }}" + image: k8s.gcr.io/pause + dest: /tmp/image2.tar + multi_image_archive: true + +- name: Load image from oci-dir multi image archive + containers.podman.podman_load: + executable: "{{ test_executable | default('podman') }}" + input: /tmp/image2.tar + register: image + +- name: Check it's loaded + assert: + that: + - image.image != {} + - image.image.NamesHistory.0 == "k8s.gcr.io/pause:latest" + +- name: Pull images + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: '{{ item }}' + loop: + - k8s.gcr.io/coredns:1.7.0 + - k8s.gcr.io/echoserver:1.10 + +- name: Clean up multifile + ansible.builtin.file: + path: /tmp/multi.tar + state: absent + +- name: Create multi image file + shell: >- + podman save k8s.gcr.io/coredns:1.7.0 k8s.gcr.io/echoserver:1.10 -o /tmp/multi.tar + +- name: Load image from oci-dir multi image archive + containers.podman.podman_load: + executable: "{{ test_executable | default('podman') }}" + input: /tmp/multi.tar + register: image + +- name: Check it's loaded + assert: + that: + - image.image != {} + - '"k8s.gcr.io/coredns:1.7.0" in image.image.NamesHistory' + - '"k8s.gcr.io/echoserver:1.10" in image.image.NamesHistory' diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_login/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_login/tasks/main.yml new file mode 100644 index 000000000..37c13a6e0 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_login/tasks/main.yml @@ -0,0 +1,50 @@ +- name: Test podman_login + block: + + - name: Print podman version + command: podman version + + - name: Logout from docker if it exists + command: docker logout + ignore_errors: true + + - name: Login with invalid executable + containers.podman.podman_login: + executable: podman_invalid + username: doesntmatter + password: nopassword + register: invalid_executable + ignore_errors: true + + - name: Check invalid executable results + assert: + that: + - invalid_executable is failed + + - name: Wrong login to registry.fedoraproject.org + containers.podman.podman_login: + executable: "{{ test_executable | default('podman') }}" + username: notexist + password: notexistaswell + registry: docker.io + register: loginf + ignore_errors: true + + - name: Check login + assert: + that: + - loginf is failed + + - name: Login to registry.fedoraproject.org + containers.podman.podman_login: + executable: "{{ test_executable | default('podman') }}" + username: foo + password: bar + registry: registry.fedoraproject.org + register: login + ignore_errors: true + + - name: Check login + assert: + that: + - login is not failed diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_login_info/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_login_info/tasks/main.yml new file mode 100644 index 000000000..8ee8366ff --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_login_info/tasks/main.yml @@ -0,0 +1,64 @@ +- name: Test podman_login_info + block: + + - name: Print podman version + command: podman version + + - name: Get login info with invalid executable + containers.podman.podman_login_info: + executable: podman_invalid + registry: quay.io + register: invalid_executable + ignore_errors: true + + - name: Check invalid executable results + assert: + that: + - invalid_executable is failed + + - name: Get login info without specifying registry + containers.podman.podman_login_info: + executable: podman_invalid + register: missing_registry + ignore_errors: true + + - name: Check missing registry results + assert: + that: + - missing_registry is failed + + - name: Get login info for a non-existing registry + containers.podman.podman_login_info: + executable: "{{ test_executable | default('podman') }}" + registry: non-existing.registry + register: non_existing_registry + + - name: Check non-existing registry results + assert: + that: + - "'login' in non_existing_registry" + - non_existing_registry.login + - "'registry' in non_existing_registry.login" + - "'username' in non_existing_registry.login" + - "'logged_in' in non_existing_registry.login" + - "non_existing_registry.login.registry == 'non-existing.registry'" + - "non_existing_registry.login.username == ''" + - "non_existing_registry.login.logged_in == False" + + - name: Get login info for a non-existing authfile + # This will return not logged in even if logged in via different authfile + containers.podman.podman_login_info: + executable: "{{ test_executable | default('podman') }}" + registry: quay.io + authfile: non-existing.authfile.json + register: non_existing_authfile + + - name: Check non-existing authfile results + assert: + that: + - "'login' in non_existing_authfile" + - non_existing_authfile.login + - "'username' in non_existing_authfile.login" + - "'logged_in' in non_existing_authfile.login" + - "non_existing_authfile.login.username == ''" + - "non_existing_authfile.login.logged_in == False" diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_logout/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_logout/tasks/main.yml new file mode 100644 index 000000000..e8632d53f --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_logout/tasks/main.yml @@ -0,0 +1,56 @@ +- name: Test podman_logout + block: + + - name: Print podman version + command: podman version + + - name: Logout from docker if it exists + command: docker logout + ignore_errors: true + + - name: Log out with invalid executable + containers.podman.podman_logout: + executable: podman_invalid + register: invalid_executable + ignore_errors: true + + - name: Check invalid executable results + assert: + that: + - invalid_executable is failed + + - name: Log out of non-existing registry + containers.podman.podman_logout: + executable: "{{ test_executable | default('podman') }}" + register: non_existing_registry + ignore_errors: true + + - name: Check results + assert: + that: + - "'changed' in non_existing_registry" + - "non_existing_registry.changed == False" + + - name: Log out with invalid authfile + containers.podman.podman_logout: + executable: "{{ test_executable | default('podman') }}" + authfile: authfile_invalid.json + register: invalid_authfile + ignore_errors: true + + - name: Check invalid authfile results + assert: + that: + - invalid_authfile is failed + + - name: Log out of all registries + containers.podman.podman_logout: + executable: "{{ test_executable | default('podman') }}" + all: true + register: all_registries + + - name: Check results + assert: + that: + - "'changed' in all_registries" + - "all_registries.changed == True" diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_network/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_network/tasks/main.yml new file mode 100644 index 000000000..d207e4cef --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_network/tasks/main.yml @@ -0,0 +1,357 @@ +- name: Test podman_network + become: true + block: + + - name: Print podman version + command: podman version + + - name: Check if dnsname plugin is installed + block: + + - name: Check if plugin is installed + stat: + path: "{{ item }}" + loop: + - /usr/libexec/cni/dnsname + - /usr/lib/cni/dnsname + - /opt/cni/bin/dnsname + - /opt/bridge/bin/dnsname + register: plugin_results + + - name: Set plugin fact + set_fact: + dns_plugin: "{{ true in plugin_results.results|map(attribute='stat.exists') }}" + + - name: Generate random value for network name + set_fact: + network_name: "{{ 'ansible-test-podman-%0x' % ((2**32) | random) }}" + + - name: Make sure network doesn't exist + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: absent + + - name: Get missing network info + containers.podman.podman_network_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + register: info + ignore_errors: true + + - name: Check results + assert: + that: + - info is failed + + - name: Create network + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + register: net + + - name: Get existing network info + containers.podman.podman_network_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + register: info1 + + - name: Check info + assert: + that: + - info1 | length > 1 + - info1.networks.0.name == network_name + - net is changed + + - name: Create network again + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + register: info2 + + - name: Check info + assert: + that: + - info2 is not changed + + # TODO: Enable it when podman v4 is available in CI + + # - name: Create network with disable DNS + # containers.podman.podman_network: + # executable: "{{ test_executable | default('podman') }}" + # name: "{{ network_name }}" + # state: present + # disable_dns: true + # register: info3 + + # - name: Check info + # assert: + # that: + # - >- + # info3 is changed and dns_plugin|bool or + # info3 is not changed and not dns_plugin|bool + + # - name: Create network with disable DNS again + # containers.podman.podman_network: + # executable: "{{ test_executable | default('podman') }}" + # name: "{{ network_name }}" + # state: present + # disable_dns: true + # register: info4 + + # - name: Check info + # assert: + # that: + # - info4 is not changed + + # - name: Create network w/o disable DNS + # containers.podman.podman_network: + # executable: "{{ test_executable | default('podman') }}" + # name: "{{ network_name }}" + # state: present + # register: info5 + + # - name: Check info + # assert: + # that: + # - >- + # info5 is changed and dns_plugin|bool or + # info5 is not changed and not dns_plugin|bool + + - name: Create network with custom gateway + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + gateway: 10.100.100.100 + subnet: 10.100.100.0/24 + register: info6 + + - name: Check info + assert: + that: + - info6 is changed + ignore_errors: true + # In v4 subnets are added automatically and gateway idempotency is disabled + + - name: Create network with custom gateway again + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + gateway: 10.100.100.100 + subnet: 10.100.100.0/24 + register: info7 + + - name: Check info + assert: + that: + - info7 is not changed + + - name: Create internal network + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + internal: true + register: info9 + + - name: Check info + assert: + that: + - info9 is changed + + - name: Create internal network again + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + internal: true + register: info10 + + - name: Check info + assert: + that: + - info10 is not changed + + - name: Create a regular external network + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + register: info11 + + - name: Check info + assert: + that: + - info11 is changed + + - name: Create network with subnet + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + subnet: 10.200.200.0/24 + recreate: true + register: info12 + + - name: Check info + assert: + that: + - info12 is changed + # In v4 subnets are added automatically and subnets idempotency is disabled + + - name: Create network with subnet again + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + subnet: 10.200.200.0/24 + register: info13 + + - name: Check info + assert: + that: + - info13 is not changed + + - name: Create network with ipv6 subnet + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + subnet: 2001:cafe::/64 + ipv6: true + + - name: Make sure network doesn't exist + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: absent + + - name: Get existing network info + containers.podman.podman_network_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + register: info100 + ignore_errors: true + + - name: Check results + assert: + that: + - info100 is failed + + - name: Create network with opts MTU + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + opt: + mtu: 1311 + register: opt1 + + - name: Create network with opts VLAN + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + opt: + vlan: 4000 + register: opt2 + + - name: Create network with opts MTU and VLAN + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + opt: + mtu: 1311 + vlan: 4000 + register: opt3 + + - name: Create network with opts MTU and VLAN again + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + opt: + mtu: 1311 + vlan: 4000 + register: opt4 + + - name: Check results for network opts + assert: + that: + - opt1 is changed + - opt2 is changed + - opt3 is changed + - opt4 is not changed + + always: + + - name: Cleanup + command: podman network rm -f {{ network_name }} + ignore_errors: true + +- name: Test podman_network rootless + become: false + block: + + - name: Create network + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + register: net1 + + - name: Get existing network info + containers.podman.podman_network_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + register: info15 + + - name: Check info + assert: + that: + - info15 | length > 1 + - info15.networks.0.name == network_name + - net1 is changed + + - name: Create network again + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + state: present + register: info16 + + - name: Check info + assert: + that: + - info16 is not changed + + - name: Create network with IPv6 'exploded' + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + ipv6: true + subnet: fd4f:552c:830f:0000::/64 + state: present + + - name: Create network with IPv6 'exploded' again + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + ipv6: true + subnet: fd4f:552c:830f:0000::/64 + state: present + register: info17 + + - name: Check info + assert: + that: + - info17 is not changed + + always: + + - name: Cleanup + command: podman network rm -f {{ network_name }} + ignore_errors: true diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_network_info/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_network_info/tasks/main.yml new file mode 100644 index 000000000..f5eb4401a --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_network_info/tasks/main.yml @@ -0,0 +1,62 @@ +- name: Test podman_network_info + become: true + block: + + - name: Print podman version + command: podman version + + - name: Generate random value for network name + set_fact: + network_name: "{{ 'ansible-test-podman-%0x' % ((2**32) | random) }}" + + - name: Make sure network doesn't exist + command: podman network rm {{ network_name }} + ignore_errors: true + + - name: Get missing network info + containers.podman.podman_network_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + register: nonexist + ignore_errors: true + + - name: Check results + assert: + that: + - "'networks' not in nonexist" + - nonexist is failed + + - name: Make sure network exists + command: podman network create {{ network_name }} + + - name: Get existing network info + containers.podman.podman_network_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ network_name }}" + register: existing_network + + - name: Dump podman network inspect result + debug: var=existing_network + + - name: Comparison with 'podman network inspect' + command: podman network inspect "{{ network_name }}" + register: podman_inspect + + - name: Convert podman inspect output to JSON + set_fact: + podman_inspect_result: "{{ podman_inspect.stdout | from_json }}" + + - name: Cleanup + command: podman network rm {{ network_name }} + + - name: Make checks + assert: + that: + - "'networks' in existing_network" + - existing_network.networks + - "existing_network.networks == podman_inspect_result" + always: + + - name: Cleanup + command: podman network rm {{ network_name }} + ignore_errors: true diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/envdata.yaml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/envdata.yaml new file mode 100644 index 000000000..7d8ef5d28 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/envdata.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: envdata + namespace: default +data: + var1: somevalue1 + key2: value2 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play-root1.yaml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play-root1.yaml new file mode 100644 index 000000000..d96d6a097 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play-root1.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: web-deploy-root + labels: + app: webapp +spec: + selector: + matchLabels: + app: webapp + template: + metadata: + labels: + app: webapp + spec: + containers: + - name: alpinexroot + image: alpine + command: ['sleep', '1d'] + ports: + - containerPort: 80 + - name: alpineyroot + image: alpine + command: ['sleep', '1d'] + ports: + - containerPort: 7777 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play-root3.yaml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play-root3.yaml new file mode 100644 index 000000000..727e9a155 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play-root3.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: web-deploy-root + labels: + app: webapp +spec: + selector: + matchLabels: + app: webapp + template: + metadata: + labels: + app: webapp + spec: + containers: + - name: alpinexroot + image: alpine + command: ['sleep', '1d'] + ports: + - containerPort: 80 + hostPort: 80 + - name: alpineyroot + image: alpine + command: ['sleep', '1d'] + envFrom: + - configMapRef: + name: envdata + ports: + - containerPort: 7777 + hostPort: 7878 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play1.yaml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play1.yaml new file mode 100644 index 000000000..f24f2d497 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play1.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: web-deploy + labels: + app: webapp +spec: + selector: + matchLabels: + app: webapp + template: + metadata: + labels: + app: webapp + spec: + containers: + - name: alpinex + image: alpine + command: ['sleep', '1d'] + ports: + - containerPort: 8080 + - name: alpiney + image: alpine + command: ['sleep', '1d'] + ports: + - containerPort: 7777 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play3.yaml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play3.yaml new file mode 100644 index 000000000..2d18aec1a --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play3.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: web-deploy + labels: + app: webapp +spec: + selector: + matchLabels: + app: webapp + template: + metadata: + labels: + app: webapp + spec: + containers: + - name: alpinex + image: alpine + command: ['sleep', '1d'] + envFrom: + - configMapRef: + name: envdata + ports: + - containerPort: 8080 + hostPort: 8080 + - name: alpiney + image: alpine + command: ['sleep', '1d'] + ports: + - containerPort: 7777 + hostPort: 8787 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/main.yml new file mode 100644 index 000000000..30f53fa5f --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/main.yml @@ -0,0 +1,130 @@ +- name: Test podman play kube + block: + + - name: Discover podman version + shell: podman version | grep "^Version:" | awk {'print $2'} + register: podman_v + + - name: Discover cgroups version + shell: podman info | grep cgroupVersion | awk {'print $2'} + register: cgroups + + - name: Set cgroups version + set_fact: + cgroups_version: "{{ cgroups.stdout }}" + + - name: Copy files to known place + copy: + src: "{{ item }}" + dest: "/tmp/{{ item }}" + remote_src: false + loop: + - play1.yaml + - play3.yaml + - play-root1.yaml + - play-root3.yaml + - envdata.yaml + + - name: Delete all pods leftovers from tests + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - web-deploy + - web-deploy-pod + - web-deploy-pod-0 + + - name: Play kube file + containers.podman.podman_play: + executable: "{{ test_executable | default('podman') }}" + kube_file: /tmp/play1.yaml + state: started + register: play1 + + - name: Play same kube file again + containers.podman.podman_play: + executable: "{{ test_executable | default('podman') }}" + kube_file: /tmp/play1.yaml + state: started + register: play2 + + - name: Check info + assert: + that: + - play1 is changed + - play2 is not changed + + - name: Recreate play + containers.podman.podman_play: + executable: "{{ test_executable | default('podman') }}" + kube_file: /tmp/play1.yaml + state: started + recreate: true + register: play3 + + - name: Check info + assert: + that: + - play3 is changed + + - name: Check 'created' after 'started' + containers.podman.podman_play: + executable: "{{ test_executable | default('podman') }}" + kube_file: /tmp/play1.yaml + state: created + register: play4 + + - name: Check info + assert: + that: + - play4 is not changed + + - name: Run with configmap + containers.podman.podman_play: + executable: "{{ test_executable | default('podman') }}" + kube_file: /tmp/play3.yaml + debug: true + state: started + recreate: true + configmap: + - /tmp/envdata.yaml + register: play5 + + - name: Check info + assert: + that: + - play5 is changed + + - name: Check if pod is running well + containers.podman.podman_pod_info: + executable: "{{ test_executable | default('podman') }}" + name: web-deploy-pod + register: info1 + + - name: Check pod info + assert: + that: + - info1['pods'][0]['State'] == 'Running' + + always: + + - name: Delete all pods leftovers from tests + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - web-deploy + - web-deploy-pod + - web-deploy-pod-0 + - web-deploy-pod-1 + - web-deploy-pod-2 + +- name: Test idempotency for root pods + include_tasks: root-play.yml + vars: + ansible_python_interpreter: "/usr/bin/python" + args: + apply: + become: true diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/root-play.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/root-play.yml new file mode 100644 index 000000000..40a05211f --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/root-play.yml @@ -0,0 +1,105 @@ +- name: Test podman rootful pod play + block: + + - name: Discover cgroups version + shell: podman info | grep cgroupVersion | awk {'print $2'} + register: cgroups + + - name: Set cgroups version + set_fact: + cgroups_version: "{{ cgroups.stdout }}" + + - name: Delete all pods leftovers from tests + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - web-deploy-root + - web-deploy-root-pod + - web-deploy-root-pod-0 + + - name: Play kube file + containers.podman.podman_play: + executable: "{{ test_executable | default('podman') }}" + kube_file: /tmp/play-root1.yaml + state: started + register: play1 + + - name: Play same kube file again + containers.podman.podman_play: + executable: "{{ test_executable | default('podman') }}" + kube_file: /tmp/play-root1.yaml + state: started + register: play2 + + - name: Check info + assert: + that: + - play1 is changed + - play2 is not changed + + - name: Recreate play + containers.podman.podman_play: + executable: "{{ test_executable | default('podman') }}" + kube_file: /tmp/play-root1.yaml + state: started + recreate: true + register: play3 + + - name: Check info + assert: + that: + - play3 is changed + + - name: Check 'created' after 'started' + containers.podman.podman_play: + executable: "{{ test_executable | default('podman') }}" + kube_file: /tmp/play-root1.yaml + state: created + register: play4 + + - name: Check info + assert: + that: + - play4 is not changed + + - name: Run with configmap + containers.podman.podman_play: + executable: "{{ test_executable | default('podman') }}" + kube_file: /tmp/play-root3.yaml + state: started + recreate: true + configmap: + - /tmp/envdata.yaml + register: play5 + + - name: Check info + assert: + that: + - play5 is changed + + - name: Check if pod is running well + containers.podman.podman_pod_info: + executable: "{{ test_executable | default('podman') }}" + name: web-deploy-root-pod + register: info1 + + - name: Check pod info + assert: + that: + - info1['pods'][0]['State'] == 'Running' + + always: + + - name: Delete all pods leftovers from tests + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - web-deploy + - web-deploy-pod + - web-deploy-pod-0 + - web-deploy-pod-1 + - web-deploy-pod-2 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/main.yml new file mode 100644 index 000000000..491d4a8a8 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/main.yml @@ -0,0 +1,883 @@ +- name: Test podman pod + block: + + - name: Discover podman version + shell: podman version | grep "^Version:" | awk {'print $2'} + register: podman_v + + - name: Set podman version to 1 + set_fact: + podman_version: 1 + when: podman_v.stdout is version('2.0.0', 'lt') + + - name: Set podman version to 2 + set_fact: + podman_version: 2 + when: podman_v.stdout is version('2.0.0', '>=') + + - name: Discover cgroups version + shell: podman info | grep cgroupVersion | awk {'print $2'} + register: cgroups + + - name: Set cgroups version + set_fact: + cgroups_version: "{{ cgroups.stdout }}" + + - name: Delete all pods leftovers from tests + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - "pod1" + - "pod2" + + - name: Delete all container leftovers from tests + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - "container1" + - "container2" + + - name: Create pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: created + register: pod1_info + + - name: Check info + assert: + that: + - >- + (pod1_info.pod['State']['status'] is defined and + pod1_info.pod['State']['status'] == 'Created') or + (pod1_info.pod['State']['status'] is not defined and + pod1_info.pod['State'] == 'Created') + + - name: Start pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + register: pod2_info + + - name: Check info + assert: + that: + - >- + (pod2_info.pod['State']['status'] is defined and + pod2_info.pod['State']['status'] == 'Running') or + (pod2_info.pod['State']['status'] is not defined and + pod2_info.pod['State'] == 'Running') + + # - name: Pause pod + # containers.podman.podman_pod: + # executable: "{{ test_executable | default('podman') }}" + # name: pod1 + # state: paused + # register: pod3_info + # when: cgroups_version == 'v2' + + # - name: Check info + # assert: + # that: + # - >- + # (pod3_info.pod['State']['status'] is defined and + # pod3_info.pod['State']['status'] == 'Paused') or + # (pod3_info.pod['State']['status'] is not defined and + # pod3_info.pod['State'] == 'Paused') + # when: cgroups_version == 'v2' + + # - name: Unpause pod + # containers.podman.podman_pod: + # executable: "{{ test_executable | default('podman') }}" + # name: pod1 + # state: unpaused + # register: pod4_info + # when: cgroups_version == 'v2' + + # - name: Check info + # assert: + # that: + # - >- + # (pod4_info.pod['State']['status'] is defined and + # pod4_info.pod['State']['status'] == 'Running') or + # (pod4_info.pod['State']['status'] is not defined and + # pod4_info.pod['State'] == 'Running') + # when: cgroups_version == 'v2' + + - name: Stop pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: stopped + register: pod5_info + + - name: Check info + assert: + that: + - >- + (pod5_info.pod['State']['status'] is defined and + pod5_info.pod['State']['status'] != 'Running') or + (pod5_info.pod['State']['status'] is not defined and + pod5_info.pod['State'] != 'Running') + + - name: Stop non-existing pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod-notexist + state: stopped + register: pod5a_info + ignore_errors: true + + - name: Check info + assert: + that: + - pod5a_info is failed + + - name: Kill pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: killed + register: pod6_info + + - name: Check info + assert: + that: + - >- + (pod6_info.pod['State']['status'] is defined and + pod6_info.pod['State']['status'] == 'Exited') or + (pod6_info.pod['State']['status'] is not defined and + pod6_info.pod['State'] == 'Exited') + + - name: Start pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + register: pod7_info + + - name: Check info + assert: + that: + - >- + (pod7_info.pod['State']['status'] is defined and + pod7_info.pod['State']['status'] == 'Running') or + (pod7_info.pod['State']['status'] is not defined and + pod7_info.pod['State'] == 'Running') + + - name: Start pod again for idempotency + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + register: pod8_info + + - name: Check info + assert: + that: + - pod8_info is not changed + + - name: Restart pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: restarted + register: pod121_info + + - name: Check info + assert: + that: + - pod121_info is changed + + - name: Stop pod before restart + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: stopped + + - name: Restart stopped pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: restarted + register: pod122_info + + - name: Check info + assert: + that: + - pod122_info is changed + + - name: Stop pod with additional config + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: stopped + ports: + - 9484:9483 + register: pod123_info + + - name: Check info + assert: + that: + - pod123_info is changed + - '"podman pod rm -f pod1" not in pod123_info.podman_actions' + + - name: Start pod with ports + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + ports: + - "4444:4444/tcp" + - "1212:5555" + - "8888:19191/udp" + - "1901:1901/udp" + - "127.0.0.1:7671:7676/udp" + - "127.0.0.1:12122:8876/udp" + - "127.0.0.1:13122:8871/tcp" + - "127.0.0.1:43423:8872" + register: pod9_info + + - name: Check info + assert: + that: + - pod9_info is changed + + - name: Start pod with ports for idempotency + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + ports: + - "4444:4444/tcp" + - "1212:5555" + - "8888:19191/udp" + - "1901:1901/udp" + - "127.0.0.1:7671:7676/udp" + - "127.0.0.1:12122:8876/udp" + - "127.0.0.1:13122:8871/tcp" + - "127.0.0.1:43423:8872" + register: pod10_info + + - name: Check info + assert: + that: + - pod10_info is not changed + + - name: Start pod again for idempotency + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + register: pod11_info + + - name: Check info + assert: + that: + - pod11_info is changed + + - name: Start pod with share + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + share: uts + register: pod12_info + + - name: Check info + assert: + that: + - pod12_info is changed + + - name: Start pod with share for idempotency + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + share: uts + register: pod13_info + + - name: Check info + assert: + that: + - pod13_info is not changed + + - name: Start pod with default shares + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + register: pod15_info + + - name: Check info + assert: + that: + - pod15_info is changed + + - name: Start pod with gidmap and uidmap + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + uidmap: 0:100:65536 + gidmap: 0:100:65536 + state: created + register: pod15_a_info + + - name: Check info + assert: + that: + - pod15_a_info is changed + + - name: Start pod with share for idempotency + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + uidmap: 0:100:65536 + gidmap: 0:100:65536 + state: created + register: pod15_b_info + + - name: Check info + assert: + that: + - pod15_b_info is not changed + + - name: Start pod with labels + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + label: + key: cval + otherkey: kddkdk + somekey: someval + register: pod16_info + + - name: Check info + assert: + that: + - pod16_info is changed + + - name: Start pod with labels again for idempotency + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + label: + key: cval + otherkey: kddkdk + somekey: someval + register: pod17_info + + - name: Check info + assert: + that: + - pod17_info is not changed + + - name: Start pod with different labels + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + label: + key: cval + otherkey: 23434dfsd + somekey: someval + register: pod18_info + + - name: Check info + assert: + that: + - pod18_info is changed + + - name: Start pod without labels + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + register: pod19_info + + - name: Check info + assert: + that: + - pod19_info is changed + + - name: Start pod with dns and hosts settings + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + add_host: + - "google:8.8.8.8" + - "site1:127.0.0.1" + dns: + - 1.1.1.1 + dns_opt: + - "option timeout:3" + dns_search: + - "redhat.com" + - "ibm.com" + hostname: happypod + register: pod20_info + + - name: Check info + assert: + that: + - pod20_info is changed + + - name: Start pod with dns and hosts settings again + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + add_host: + - "google:8.8.8.8" + - "site1:127.0.0.1" + dns: + - 1.1.1.1 + dns_opt: + - "option timeout:3" + dns_search: + - "redhat.com" + - "ibm.com" + hostname: happypod + register: pod21_info + + - name: Check info + assert: + that: + - pod21_info is not changed + + - name: Start pod with changed dns + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + add_host: + - "google:8.8.8.8" + - "site1:127.0.0.1" + dns: + - 1.1.1.1 + - 2.2.2.2 + dns_opt: + - "option timeout:3" + dns_search: + - "redhat.com" + - "ibm.com" + hostname: happypod + register: pod22_info + + - name: Check info + assert: + that: + - pod22_info is changed + + - name: Start pod with changed add host + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + add_host: + - "google:8.8.8.8" + - "site1:127.0.0.2" + dns: + - 1.1.1.1 + - 2.2.2.2 + dns_opt: + - "option timeout:3" + dns_search: + - "redhat.com" + - "ibm.com" + hostname: happypod + register: pod23_info + + - name: Check info + assert: + that: + - pod23_info is changed + + - name: Start pod with changed dns option + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + add_host: + - "google:8.8.8.8" + - "site1:127.0.0.2" + dns: + - 1.1.1.1 + - 2.2.2.2 + dns_opt: + - "option timeout:2" + dns_search: + - "redhat.com" + - "ibm.com" + hostname: happypod + register: pod24_info + + - name: Check info + assert: + that: + - pod24_info is changed + + - name: Start pod with changed dns search + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + add_host: + - "google:8.8.8.8" + - "site1:127.0.0.2" + dns: + - 1.1.1.1 + - 2.2.2.2 + dns_opt: + - "option timeout:2" + dns_search: + - "redhat.com" + hostname: happypod + register: pod25_info + + - name: Check info + assert: + that: + - pod25_info is changed + + - name: Start pod with changed hostname + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + add_host: + - "google:8.8.8.8" + - "site1:127.0.0.2" + dns: + - 1.1.1.1 + - 2.2.2.2 + dns_opt: + - "option timeout:2" + dns_search: + - "redhat.com" + hostname: bestpod + register: pod26_info + + - name: Check info + assert: + that: + - pod26_info is changed + + - name: Start pod with removed dns search + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + add_host: + - "google:8.8.8.8" + - "site1:127.0.0.2" + dns: + - 1.1.1.1 + - 2.2.2.2 + dns_opt: + - "option timeout:2" + hostname: bestpod + register: pod27_info + + - name: Check info + assert: + that: + - pod27_info is changed + + - name: Start pod with removed dns option + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + add_host: + - "google:8.8.8.8" + - "site1:127.0.0.2" + dns: + - 1.1.1.1 + - 2.2.2.2 + hostname: bestpod + register: pod28_info + + - name: Check info + assert: + that: + - pod28_info is changed + + - name: Start pod with removed dns + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + add_host: + - "google:8.8.8.8" + - "site1:127.0.0.2" + hostname: bestpod + register: pod29_info + + - name: Check info + assert: + that: + - pod29_info is changed + + - name: Start pod with removed add host + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + hostname: bestpod + register: pod30_info + + - name: Check info + assert: + that: + - pod30_info is changed + + - name: Start pod without infra + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: created + infra: false + register: pod31_info + + - name: Check info + assert: + that: + - pod31_info is changed + + - name: Start pod without infra again + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: created + infra: false + register: pod32_info + + - name: Check info + assert: + that: + - pod32_info is not changed + + - name: Start pod with infra + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + register: pod33_info + + - name: Check info + assert: + that: + - pod33_info is changed + + - name: Start pod with different infra image + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: created + infra_image: alpine:3.9 + register: pod34_info + + - name: Check info + assert: + that: + - pod34_info is changed + + - name: Start pod with different infra image again + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: created + infra_image: alpine:3.9 + register: pod35_info + + - name: Check info + assert: + that: + - pod35_info is not changed + + - name: Start pod2 with default settings + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod2 + state: created + register: pod36_info + + - name: Run container1 in pod + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine + command: top + pod: pod2 + state: started + + - name: Run container2 in pod + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container2 + image: alpine + command: top + pod: pod2 + state: started + + - name: Start pod2 + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod2 + state: started + generate_systemd: + path: /tmp/dir1 + restart_policy: always + time: 120 + no_header: true + names: true + pod_prefix: poditto + container_prefix: ainer + register: system1 + + - name: Check systemd file exists + stat: + path: /tmp/dir1/poditto-pod2.service + register: podsys_stat + + - name: Check that all settings from systemd are correct + assert: + that: + - system1.podman_systemd.keys() | list | length == 3 + - "'-t 120 ' in system1.podman_systemd['poditto-pod2']" + - "'Restart=always' in system1.podman_systemd['poditto-pod2']" + - "'autogenerated by Podman' not in system1.podman_systemd['poditto-pod2']" + - podsys_stat.stat.exists | bool + + - name: Delete pod2 + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod2 + state: absent + generate_systemd: + path: /tmp/dir1 + restart_policy: always + time: 120 + no_header: true + names: true + pod_prefix: poditto + container_prefix: ainer + + - name: Check if systemd file exists (should not) + stat: + path: /tmp/dir1/poditto-pod2.service + register: podsys2_stat + + - name: Check that systemd file was removed + assert: + that: + - not podsys2_stat.stat.exists|bool + + - name: Run pod2 with network slirp4netns + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod2 + state: started + network: slirp4netns:outbound_addr=10.10.10.46 + + - name: Run container1 in pod + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine + command: top + pod: pod2 + state: started + + - name: Run pod2 with network slirp4netns - again + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod2 + state: started + network: slirp4netns:outbound_addr=10.10.10.46 + register: slip4net_pod + + - name: Run container1 in pod slirp4netns + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine + command: top + pod: pod2 + state: started + register: slip4net_cont + + - name: Check that slirp4netns is idempotent + assert: + that: + - slip4net_pod is not changed + - slip4net_cont is not changed + + - name: Run pod2 with different network slirp4netns + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod2 + state: started + network: slirp4netns:outbound_addr=10.10.10.47 + register: slip4net_pod2 + + - name: Run container1 in different pod slirp4netns + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine + command: top + pod: pod2 + state: started + register: slip4net_cont2 + + - name: Check that slirp4netns is idempotent and changed + assert: + that: + - slip4net_pod2 is changed + - slip4net_cont2 is changed + + always: + + - name: Delete all pods leftovers from tests + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - "pod1" + - "pod2" + + - name: Delete all container leftovers from tests + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - "container1" + - "container2" + +- name: Test idempotency for root pods + include_tasks: root-pod.yml + vars: + ansible_python_interpreter: "/usr/bin/python3" + args: + apply: + become: true + +- name: Test idempotency for root pods and networks + include_tasks: net-pod.yml + vars: + ansible_python_interpreter: "/usr/bin/python3" + args: + apply: + become: true diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/net-pod.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/net-pod.yml new file mode 100644 index 000000000..3341f52a8 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/net-pod.yml @@ -0,0 +1,78 @@ +- name: Test podman rootful pod + block: + + - name: Remove pods + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootnetpod" + state: absent + + - name: Delete all network leftovers from tests + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - testnet + - anothernet + + - name: Create network testnet + command: podman network create testnet --subnet 10.91.91.0/24 + + - name: Create network anothernet + command: podman network create anothernet --subnet 10.71.71.0/24 + + - name: List current networks + command: podman network ls + + - name: Set test data + set_fact: + testdata: + - first_net: host + next_net: bridge + - first_net: bridge + next_net: host + - first_net: anothernet + next_net: testnet + - first_net: testnet + next_net: + - testnet + - anothernet + - first_net: + - testnet + - anothernet + next_net: anothernet + - first_net: + - testnet + - anothernet + next_net: bridge + - first_net: + - testnet + - anothernet + next_net: host + - first_net: host + next_net: anothernet + - first_net: bridge + next_net: + - anothernet + - testnet + + - include_tasks: network-tests.yml + loop: "{{ testdata }}" + + always: + + - name: Delete all pods leftovers from tests + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootnetpod" + state: absent + + - name: Delete all network leftovers from tests + containers.podman.podman_network: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - testnet + - anothernet diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/network-tests.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/network-tests.yml new file mode 100644 index 000000000..12b7ae72a --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/network-tests.yml @@ -0,0 +1,43 @@ +--- +- name: Remove pod nettest + become: true + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: nettest + state: absent + +- name: Run pod with {{ item.first_net }} + become: true + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: nettest + state: started + network: "{{ item.first_net }}" + +- name: Run pod again with {{ item.first_net }} + become: true + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: nettest + state: started + network: "{{ item.first_net }}" + register: info + +- name: Check info that not changed + assert: + that: + - info is not changed + +- name: Run pod changed from {{ item.first_net }} to {{ item.next_net }} + become: true + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: nettest + state: started + network: "{{ item.next_net }}" + register: info1 + +- name: Check info + assert: + that: + - info1 is changed diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/root-pod.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/root-pod.yml new file mode 100644 index 000000000..968ec2cf3 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/root-pod.yml @@ -0,0 +1,179 @@ +- name: Test podman rootful pod + block: + + - name: Discover cgroups version + shell: podman info | grep cgroupVersion | awk {'print $2'} + register: cgroups + + - name: Set cgroups version + set_fact: + cgroups_version: "{{ cgroups.stdout }}" + + - name: Delete all pods leftovers from tests + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootpod" + state: absent + + - name: Create and start pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootpod" + state: started + + - name: Create and start pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootpod" + state: started + register: pod1_info + + - name: Check info + assert: + that: + - pod1_info is not changed + + - name: Add DNS to pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootpod" + state: started + dns: + - 1.1.1.1 + register: pod2_info + + - name: Check info + assert: + that: + - pod2_info is changed + + - name: Remove DNS from pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootpod" + state: started + register: pod3_info + + - name: Check info + assert: + that: + - pod3_info is changed + + - name: Create network newnet + command: podman network create newnet --subnet 10.90.90.0/24 + + - name: Create network net2 + command: podman network create net2 --subnet 10.70.70.0/24 + + - name: Start pod with networks + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootpod" + state: started + network: + - net2 + - newnet + register: pod4_info + + - name: Check info + assert: + that: + - pod4_info is changed + + - name: Start pod with networks again + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootpod" + state: started + network: + - newnet + - net2 + register: pod5_info + + - name: Check info + assert: + that: + - pod5_info is not changed + + - name: Start pod with one network + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootpod" + state: started + network: net2 + register: pod6_info + + - name: Check info + assert: + that: + - pod6_info is changed + + - name: Start pod without networks + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootpod" + state: started + register: pod7_info + + - name: Check info + assert: + that: + - pod7_info is changed + + - name: Start pod with ports for idempotency and ipv6 + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + ports: + - "4444:4444/tcp" + - "8888:19191/udp" + - "127.0.0.1:7671:7676/udp" + - "127.0.0.2:7671:7676/udp" + - "127.0.0.1:13122:8871/tcp" + - "127.0.0.1:43423:8872" + - "[::1]:8743:8745" + register: pod8_info + + - name: Check info + assert: + that: + - pod8_info is changed + + - name: Start pod with ports for idempotency and ipv6 again + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: started + ports: + - "4444:4444/tcp" + - "8888:19191/udp" + - "127.0.0.1:7671:7676/udp" + - "127.0.0.2:7671:7676/udp" + - "127.0.0.1:13122:8871/tcp" + - "127.0.0.1:43423:8872" + - "[::1]:8743:8745" + register: pod9_info + + - name: Check info + assert: + that: + - pod9_info is not changed + + always: + + - name: Delete all pods leftovers from tests + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "rootpod" + state: absent + + - name: Delete all existing pods + shell: | + podman pod rm -fa; + ignore_errors: true + + - name: Delete all created networks + shell: | + podman network rm -f newnet net2 + ignore_errors: true diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_pod_info/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_pod_info/tasks/main.yml new file mode 100644 index 000000000..9c6066f6e --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_pod_info/tasks/main.yml @@ -0,0 +1,113 @@ +- name: Test podman_pod_info + block: + + - name: Print podman version + command: podman info --debug + + - name: Discover podman version + shell: podman version | grep "^Version:" | awk {'print $2'} + register: podman_version + + - name: Generate random value for pod name + set_fact: + pod_name: "{{ 'ansible-test-podman-%0x' % ((2**32) | random) }}" + + - name: Make sure pod doesn't exist + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "{{ pod_name }}" + state: absent + + - name: Get missing pod info + containers.podman.podman_pod_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ pod_name }}" + register: nonexist + + - name: Check info for missing pod + assert: + that: + - nonexist.pods == [] + + - name: Get all missing pods info + containers.podman.podman_pod_info: + executable: "{{ test_executable | default('podman') }}" + register: nonexist2 + + - name: Check info for missing pod + assert: + that: + - nonexist2.pods == [] + + - name: Create test pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "{{ pod_name }}" + + - name: Get all pods info + containers.podman.podman_pod_info: + executable: "{{ test_executable | default('podman') }}" + register: info + + - name: Check info for pod + assert: + that: + - info.pods | length == 1 + - >- + (info.pods[0]['Config']['name'] is defined and + info.pods[0]['Config']['name'] == pod_name) or + (info.pods[0]['Name'] is defined and + info.pods[0]['Name'] == pod_name) + + - name: Get specific pod info + containers.podman.podman_pod_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ pod_name }}" + register: info2 + + - name: Check info for pod + assert: + that: + - info2.pods | length == 1 + - >- + (info2.pods[0]['Config']['name'] is defined and + info2.pods[0]['Config']['name'] == pod_name) or + (info2.pods[0]['Name'] is defined and + info2.pods[0]['Name'] == pod_name) + + - name: Create another test pod + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "{{ pod_name }}_1" + + - name: Get specific another pod info + containers.podman.podman_pod_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ pod_name }}" + register: info3 + + - name: Check info for missing pod + assert: + that: + - info3.pods | length == 1 + + - name: Get pods info + containers.podman.podman_pod_info: + executable: "{{ test_executable | default('podman') }}" + register: info4 + + - name: Check info for pods + assert: + that: + - info4.pods | length == 2 + + always: + + - name: Make sure pod doesn't exist + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - "{{ pod_name }}" + - "{{ pod_name }}_1" diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_prune/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_prune/tasks/main.yml new file mode 100644 index 000000000..804543fe5 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_prune/tasks/main.yml @@ -0,0 +1,131 @@ +- name: Create random names + ansible.builtin.set_fact: + cname: "{{ 'ansible-container-%0x' % ((2**32) | random) }}" + nname: "{{ 'ansible-network-%0x' % ((2**32) | random) }}" + vname: "{{ 'ansible-volume-%0x' % ((2**32) | random) }}" + +- name: Test podman_prune module + block: + # Create objects to be pruned + - name: Create container + containers.podman.podman_container: + name: "{{ cname }}" + image: quay.io/podman/hello:latest + state: present + register: container + + - name: Create network + containers.podman.podman_network: + name: "{{ nname }}" + state: present + register: network + + - name: Create volume + containers.podman.podman_volume: + name: "{{ vname }}" + state: present + register: volume + + # Prune objects + - name: Prune objects + containers.podman.podman_prune: + container: true + network: true + volume: true + + - name: Check if container exists + containers.podman.podman_container_info: + register: container_exists + + - name: Check if podman network exists + containers.podman.podman_network_info: + register: network_exists + + - name: Check if podman volume exists + containers.podman.podman_volume_info: + register: volume_exists + + - name: Verify assertions for network, container and volume + ansible.builtin.assert: + that: + # containers + - container.container.Id not in container_exists.containers | map(attribute='Name') | list | flatten + # networks + - network.network.name not in network_exists.networks | map(attribute='id') | list | flatten + # volumes + - volume.volume.Name not in volume_exists.volumes | map(attribute='Name') | list | flatten + + # Test with filters + - name: Prune objects with filters + containers.podman.podman_prune: + image: true + image_filters: + dangling_only: false + external: true + + - name: Check if image exists + containers.podman.podman_image_info: + register: image_exists + + - name: Verify assertions for image (with filters) + ansible.builtin.assert: + that: + - image_exists.images | length == 0 + + - name: Create container + containers.podman.podman_container: + name: "{{ cname }}" + image: quay.io/podman/hello:latest + state: present + register: container_system + + - name: Create network + containers.podman.podman_network: + name: "{{ nname }}" + state: present + register: network_system + + - name: Create volume + containers.podman.podman_volume: + name: "{{ vname }}" + state: present + register: volume_system + + - name: System prune + containers.podman.podman_prune: + system: true + system_all: true + system_volumes: true + + - name: Check if container exists + containers.podman.podman_container_info: + register: container_system_exists + + - name: Check if podman network exists + containers.podman.podman_network_info: + register: network_system_exists + + - name: Check if podman volume exists + containers.podman.podman_volume_info: + register: volume_system_exists + + - name: Check if image exists + containers.podman.podman_image_info: + register: image_system_exists + + - name: Verify assertions for system + ansible.builtin.assert: + that: + # container + - container_system.container.Id not in container_system_exists.containers | map(attribute='Name') | list | flatten + # networks + - network_system.network.name not in network_system_exists.networks | map(attribute='id') | list | flatten + # volumes + - volume_system.volume.Name not in volume_system_exists.volumes | map(attribute='Name') | list | flatten + # images + - image_system_exists.images | length == 0 + + always: + - name: Cleanup + ansible.builtin.command: podman system prune -a -f --volumes + ignore_errors: true diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_save/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_save/tasks/main.yml new file mode 100644 index 000000000..97c8a66f3 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_save/tasks/main.yml @@ -0,0 +1,99 @@ +--- +- name: Pull image + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: k8s.gcr.io/pause + +- name: Save image + containers.podman.podman_save: + executable: "{{ test_executable | default('podman') }}" + image: k8s.gcr.io/pause + dest: /tmp/image.tar + +- name: Check file + stat: + path: /tmp/image.tar + register: img + +- name: Check it's saved + assert: + that: + - img.stat.exists + +- name: Save image + containers.podman.podman_save: + executable: "{{ test_executable | default('podman') }}" + image: k8s.gcr.io/pause + dest: /tmp/image.tar + force: true + +- name: Check file + stat: + path: /tmp/image.tar + register: img + +- name: Check it's saved + assert: + that: + - img.stat.exists + +- name: Save image + containers.podman.podman_save: + executable: "{{ test_executable | default('podman') }}" + image: k8s.gcr.io/pause + dest: /tmp/imagedir + format: oci-dir + +- name: Check file + stat: + path: /tmp/imagedir + register: img + +- name: Check it's saved + assert: + that: + - img.stat.exists + +- name: Save image + containers.podman.podman_save: + executable: "{{ test_executable | default('podman') }}" + image: k8s.gcr.io/pause + dest: /tmp/imagedir-docker + force: true + format: docker-dir + compress: true + +- name: Save image + containers.podman.podman_save: + executable: "{{ test_executable | default('podman') }}" + image: k8s.gcr.io/pause + dest: /tmp/imagedir + force: true + format: oci-dir + +- name: Check file + stat: + path: /tmp/imagedir + register: img + +- name: Check it's saved + assert: + that: + - img.stat.exists + +- name: Save image + containers.podman.podman_save: + executable: "{{ test_executable | default('podman') }}" + image: k8s.gcr.io/pause + dest: /tmp/image2.tar + multi_image_archive: true + +- name: Check file + stat: + path: /tmp/image2.tar + register: img + +- name: Check it's saved + assert: + that: + - img.stat.exists diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_secret/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_secret/tasks/main.yml new file mode 100644 index 000000000..c6c90de90 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_secret/tasks/main.yml @@ -0,0 +1,117 @@ +- name: Test podman_secret + block: + + - name: Make sure secret doesn't exist + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + state: absent + name: mysecret + + - name: Create secret + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: secret content + + - name: Recreate secret + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: super secret content + force: true + register: forced + + - name: Skip secret + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: super secret content + skip_existing: true + register: skipped + + - name: Check assertions + assert: + that: + - forced is changed + - skipped is not changed + + - name: Create container that uses secret + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: showmysecret + image: alpine:3.7 + secrets: + - mysecret + command: cat /run/secrets/mysecret + detach: false + rm: true + register: container + + - name: Check secret data + assert: + that: + - container.stdout == "super secret content" + + - name: Create container that uses secret with options + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: showmysecret + image: alpine:3.7 + secrets: + - mysecret,type=env,target=SECRET + command: ['/bin/sh', '-c', 'echo $SECRET'] + detach: false + rm: true + register: container + + - name: Check secret data + assert: + that: + - container.stdout == "super secret content\n" + + - name: Remove secret + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + state: absent + name: mysecret + register: removed + + - name: Check removed is changed + assert: + that: + - removed is changed + + - name: Remove secret + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + state: absent + name: mysecret + register: removed + + - name: Check removed is not changed + assert: + that: + - removed is not changed + + - name: Create secret with file driver and custom options + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: secret content + driver: file + driver_opts: + a: b + c: d + + - name: Remove secret + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + state: absent + name: mysecret + + always: + - name: Remove container that uses secret + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: showmysecret + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_tag/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_tag/tasks/main.yml new file mode 100644 index 000000000..ee7a6e254 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_tag/tasks/main.yml @@ -0,0 +1,40 @@ +--- +- name: Test podman tag + block: + - name: Pull image + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/library/alpine + + - name: Tag image + containers.podman.podman_tag: + executable: "{{ test_executable | default('podman') }}" + image: docker.io/library/alpine + target_names: + - openjdk8 + - jdk8 + + - name: Get tagged image info + containers.podman.podman_image_info: + executable: "{{ test_executable | default('podman') }}" + name: docker.io/library/alpine + register: tagged_image_result + + - name: Check results + assert: + that: + - tagged_image_result.images | length == 1 + - "'docker.io/library/alpine' in tagged_image_result.images[0]['RepoTags'][0]" + - "'localhost/openjdk8:latest' in tagged_image_result.images[0]['RepoTags'][1]" + - "'localhost/jdk8:latest' in tagged_image_result.images[0]['RepoTags'][2]" + + always: + - name: Cleanup image + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: "{{ item }}" + state: absent + loop: + - docker.io/library/alpine + - localhost/openjdk8 + - localhost/jdk8 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_volume/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_volume/tasks/main.yml new file mode 100644 index 000000000..144a39f63 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_volume/tasks/main.yml @@ -0,0 +1,170 @@ +- name: Test podman_volume + block: + + - name: Print podman version + command: "{{ podman_cmd | default('podman') }} version" + + - name: Generate random value for volume name + set_fact: + volume_name: "{{ 'ansible-test-podman-%0x' % ((2**32) | random) }}" + + - name: Make sure volume doesn't exist + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: absent + + - name: Get missing volume info + containers.podman.podman_volume_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + register: info + ignore_errors: true + + - name: Check results + assert: + that: + - info is failed + + - name: Create volume + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + register: vol + + - name: Get existing volume info + containers.podman.podman_volume_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + register: info1 + + - name: Check info + assert: + that: + - info1 | length > 1 + - info1.volumes.0.Name == volume_name + - vol is changed + + - name: Create volume again + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: present + register: info2 + + - name: Check info + assert: + that: + - info2 is not changed + + - name: Create volume with labels + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: present + label: + key: val + nokey: noval + register: info3 + + - name: Check info + assert: + that: + - info3 is changed + + - name: Create volume with labels again + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: present + label: + key: val + nokey: noval + register: info4 + + - name: Check info + assert: + that: + - info4 is not changed + + - name: Create volume w/o labels + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: present + register: info5 + + - name: Check info + assert: + that: + - info5 is changed + + - name: Create volume with options + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: present + options: + - "device=/dev/something" + - "type=ext4" + register: info6 + + - name: Check info + assert: + that: + - info6 is changed + + - name: Create volume with options again + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: present + options: + - "device=/dev/something" + - "type=ext4" + register: info7 + + - name: Check info + assert: + that: + - info7 is not changed + + - name: Create volume w/o options + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: present + register: info8 + + - name: Check info + assert: + that: + - info8 is changed + + - name: Make sure volume doesn't exist + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: absent + register: delete + + - name: Get existing volume info + containers.podman.podman_volume_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + register: info10 + ignore_errors: true + + - name: Check results + assert: + that: + - info10 is failed + - delete.volume == {} + + always: + + - name: Make sure volume doesn't exist + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_volume_info/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_volume_info/tasks/main.yml new file mode 100644 index 000000000..95fe1fb26 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_volume_info/tasks/main.yml @@ -0,0 +1,71 @@ +- name: Test podman_volume_info + block: + + - name: Print podman version + command: "{{ podman_cmd | default('podman') }} version" + + - name: Generate random value for volume name + set_fact: + volume_name: "{{ 'ansible-test-podman-%0x' % ((2**32) | random) }}" + + - name: Make sure volume doesn't exist + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: absent + + - name: Get missing volume info + containers.podman.podman_volume_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + register: nonexist + ignore_errors: true + + - name: Check results + assert: + that: + - "'volumes' not in nonexist" + - nonexist is failed + + - name: Make sure volume exists + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: present + + - name: Get existing volume info + containers.podman.podman_volume_info: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + register: existing_volume + + - name: Dump podman volume inspect result + debug: var=existing_volume + + - name: Comparison with 'podman volume inspect' + command: "{{ podman_cmd | default('podman') }} volume inspect {{ volume_name }}" + register: podman_inspect + + - name: Convert podman inspect output to JSON + set_fact: + podman_inspect_result: "{{ podman_inspect.stdout | from_json }}" + + - name: Cleanup + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: absent + + - name: Make checks + assert: + that: + - "'volumes' in existing_volume" + - existing_volume.volumes + - "existing_volume.volumes == podman_inspect_result" + always: + + - name: Cleanup + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: "{{ volume_name }}" + state: absent diff --git a/ansible_collections/containers/podman/tests/sanity/ignore-2.10.txt b/ansible_collections/containers/podman/tests/sanity/ignore-2.10.txt new file mode 100644 index 000000000..f2f4ca9ca --- /dev/null +++ b/ansible_collections/containers/podman/tests/sanity/ignore-2.10.txt @@ -0,0 +1,2 @@ +tests/integration/targets/connection_buildah/runme.sh shellcheck:SC2086 +tests/integration/targets/connection_podman/runme.sh shellcheck:SC2086 diff --git a/ansible_collections/containers/podman/tests/sanity/ignore-2.11.txt b/ansible_collections/containers/podman/tests/sanity/ignore-2.11.txt new file mode 100644 index 000000000..f2f4ca9ca --- /dev/null +++ b/ansible_collections/containers/podman/tests/sanity/ignore-2.11.txt @@ -0,0 +1,2 @@ +tests/integration/targets/connection_buildah/runme.sh shellcheck:SC2086 +tests/integration/targets/connection_podman/runme.sh shellcheck:SC2086 diff --git a/ansible_collections/containers/podman/tests/sanity/ignore-2.12.txt b/ansible_collections/containers/podman/tests/sanity/ignore-2.12.txt new file mode 100644 index 000000000..f2f4ca9ca --- /dev/null +++ b/ansible_collections/containers/podman/tests/sanity/ignore-2.12.txt @@ -0,0 +1,2 @@ +tests/integration/targets/connection_buildah/runme.sh shellcheck:SC2086 +tests/integration/targets/connection_podman/runme.sh shellcheck:SC2086 diff --git a/ansible_collections/containers/podman/tests/sanity/ignore-2.13.txt b/ansible_collections/containers/podman/tests/sanity/ignore-2.13.txt new file mode 100644 index 000000000..f2f4ca9ca --- /dev/null +++ b/ansible_collections/containers/podman/tests/sanity/ignore-2.13.txt @@ -0,0 +1,2 @@ +tests/integration/targets/connection_buildah/runme.sh shellcheck:SC2086 +tests/integration/targets/connection_podman/runme.sh shellcheck:SC2086 diff --git a/ansible_collections/containers/podman/tests/sanity/ignore-2.14.txt b/ansible_collections/containers/podman/tests/sanity/ignore-2.14.txt new file mode 100644 index 000000000..f2f4ca9ca --- /dev/null +++ b/ansible_collections/containers/podman/tests/sanity/ignore-2.14.txt @@ -0,0 +1,2 @@ +tests/integration/targets/connection_buildah/runme.sh shellcheck:SC2086 +tests/integration/targets/connection_podman/runme.sh shellcheck:SC2086 diff --git a/ansible_collections/containers/podman/tests/sanity/ignore-2.15.txt b/ansible_collections/containers/podman/tests/sanity/ignore-2.15.txt new file mode 100644 index 000000000..f2f4ca9ca --- /dev/null +++ b/ansible_collections/containers/podman/tests/sanity/ignore-2.15.txt @@ -0,0 +1,2 @@ +tests/integration/targets/connection_buildah/runme.sh shellcheck:SC2086 +tests/integration/targets/connection_podman/runme.sh shellcheck:SC2086 diff --git a/ansible_collections/containers/podman/tests/sanity/ignore-2.16.txt b/ansible_collections/containers/podman/tests/sanity/ignore-2.16.txt new file mode 100644 index 000000000..f2f4ca9ca --- /dev/null +++ b/ansible_collections/containers/podman/tests/sanity/ignore-2.16.txt @@ -0,0 +1,2 @@ +tests/integration/targets/connection_buildah/runme.sh shellcheck:SC2086 +tests/integration/targets/connection_podman/runme.sh shellcheck:SC2086 diff --git a/ansible_collections/containers/podman/tests/sanity/ignore-2.17.txt b/ansible_collections/containers/podman/tests/sanity/ignore-2.17.txt new file mode 100644 index 000000000..f2f4ca9ca --- /dev/null +++ b/ansible_collections/containers/podman/tests/sanity/ignore-2.17.txt @@ -0,0 +1,2 @@ +tests/integration/targets/connection_buildah/runme.sh shellcheck:SC2086 +tests/integration/targets/connection_podman/runme.sh shellcheck:SC2086 diff --git a/ansible_collections/containers/podman/tests/sanity/ignore-2.18.txt b/ansible_collections/containers/podman/tests/sanity/ignore-2.18.txt new file mode 100644 index 000000000..f2f4ca9ca --- /dev/null +++ b/ansible_collections/containers/podman/tests/sanity/ignore-2.18.txt @@ -0,0 +1,2 @@ +tests/integration/targets/connection_buildah/runme.sh shellcheck:SC2086 +tests/integration/targets/connection_podman/runme.sh shellcheck:SC2086 diff --git a/ansible_collections/containers/podman/tests/sanity/ignore-2.9.txt b/ansible_collections/containers/podman/tests/sanity/ignore-2.9.txt new file mode 100644 index 000000000..f2f4ca9ca --- /dev/null +++ b/ansible_collections/containers/podman/tests/sanity/ignore-2.9.txt @@ -0,0 +1,2 @@ +tests/integration/targets/connection_buildah/runme.sh shellcheck:SC2086 +tests/integration/targets/connection_podman/runme.sh shellcheck:SC2086 diff --git a/ansible_collections/containers/podman/tests/sanity/requirements.txt b/ansible_collections/containers/podman/tests/sanity/requirements.txt new file mode 100644 index 000000000..fd9f609dc --- /dev/null +++ b/ansible_collections/containers/podman/tests/sanity/requirements.txt @@ -0,0 +1,8 @@ +packaging # needed for update-bundled and changelog +sphinx ; python_version >= '3.5' # docs build requires python 3+ +sphinx-notfound-page ; python_version >= '3.5' # docs build requires python 3+ +straight.plugin ; python_version >= '3.5' # needed for hacking/build-ansible.py which will host changelog generation and requires python 3+ +voluptuous +yamllint +pylint +virtualenv diff --git a/ansible_collections/containers/podman/tests/unit/plugins/modules/test_common.py b/ansible_collections/containers/podman/tests/unit/plugins/modules/test_common.py new file mode 100644 index 000000000..583e26dee --- /dev/null +++ b/ansible_collections/containers/podman/tests/unit/plugins/modules/test_common.py @@ -0,0 +1,19 @@ +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import pytest + +from ansible_collections.containers.podman.plugins.module_utils.podman.common import ( + lower_keys, +) + + +@pytest.mark.parametrize('test_input, expected', [ + (["AAA", "BBB"], ["AAA", "BBB"]), + ("AAQQ", "AAQQ"), + ({"AAA": "AaaAa", "11": 22, "AbCdEf": None, "bbb": "aaaAA"}, + {"aaa": "AaaAa", "11": 22, "abcdef": None, "bbb": "aaaAA"}) +]) +def test_lower_keys(test_input, expected): + print(lower_keys.__code__.co_filename) + assert lower_keys(test_input) == expected diff --git a/ansible_collections/containers/podman/tests/unit/plugins/modules/test_container_lib.py b/ansible_collections/containers/podman/tests/unit/plugins/modules/test_container_lib.py new file mode 100644 index 000000000..20dd4e66c --- /dev/null +++ b/ansible_collections/containers/podman/tests/unit/plugins/modules/test_container_lib.py @@ -0,0 +1,89 @@ +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import pytest + +from ansible_collections.containers.podman.plugins.module_utils.podman.podman_container_lib import ( + PodmanModuleParams, + PodmanContainerDiff, +) + + +@pytest.mark.parametrize( + "test_input, expected", + [ + ( + { + "cap_add": ["SYS_ADMIN"], + "name": "testcont", + "image": "testimage", + "command": None, + }, + [ + b"create", + b"--name", + b"testcont", + b"--cap-add", + b"SYS_ADMIN", + b"testimage", + ], + ), + ( + { + "stop_signal": 9, + "name": "testcont", + "image": "testimage", + "command": None, + "sig_proxy": True, + }, + [ + b"create", + b"--name", + b"testcont", + b"--stop-signal", + b"9", + b"--sig-proxy=True", + b"testimage", + ], + ), + ], +) +def test_container_add_params(test_input, expected): + podm = PodmanModuleParams( + "create", + test_input, + "4.0.0", + None, + ) + assert podm.construct_command_from_params() == expected + + +@pytest.mark.parametrize( + "test_input, expected", + [ + ( + [ + None, # module + {"conmon_pidfile": "bbb"}, # module params + {"conmonpidfile": "ccc"}, # container info + {}, # image info + "4.1.1", # podman version + ], + True, + ), + ( + [ + None, # module + {"conmon_pidfile": None}, # module params + {"conmonpidfile": "ccc"}, # container info + {}, # image info + "4.1.1", # podman version + ], + False, + ), + ], +) +def test_container_diff(test_input, expected): + diff = PodmanContainerDiff(*test_input) + assert diff.diffparam_conmon_pidfile() == expected -- cgit v1.2.3