Use podman 4.4, netavark 1.4 and aardvark-dns 1.4
parent
bce3f8c9ab
commit
a68f89cd03
@ -1,11 +1,24 @@
|
|||||||
- name: Install base packages
|
# code: language=ansible
|
||||||
|
|
||||||
|
- name: Install base packages from distro package manager
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.package:
|
ansible.builtin.package:
|
||||||
name:
|
name:
|
||||||
- podman
|
- fuse-overlayfs
|
||||||
- podman-docker
|
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
# http://ftp.us.debian.org/debian/pool/main/
|
||||||
|
- name: Install packages from debian unstable repository
|
||||||
|
become: true
|
||||||
|
ansible.builtin.apt:
|
||||||
|
deb: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
loop:
|
||||||
|
- http://ftp.us.debian.org/debian/pool/main/n/netavark/netavark_1.4.0-3_amd64.deb
|
||||||
|
- http://ftp.us.debian.org/debian/pool/main/a/aardvark-dns/aardvark-dns_1.4.0-3_amd64.deb
|
||||||
|
- http://ftp.us.debian.org/debian/pool/main/libp/libpod/podman_4.4.0+ds1-1_amd64.deb
|
||||||
|
- http://ftp.us.debian.org/debian/pool/main/libp/libpod/podman-docker_4.4.0+ds1-1_amd64.deb
|
||||||
|
|
||||||
- name: Add the 'containers' user
|
- name: Add the 'containers' user
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
@ -18,7 +31,7 @@
|
|||||||
|
|
||||||
- name: Add admin pub keys to authorized_keys
|
- name: Add admin pub keys to authorized_keys
|
||||||
become: true
|
become: true
|
||||||
ansible.posix.authorized_keys:
|
ansible.posix.authorized_key:
|
||||||
user: containers
|
user: containers
|
||||||
key: "{{ item }}"
|
key: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
@ -39,7 +52,7 @@
|
|||||||
become: true
|
become: true
|
||||||
ansible.posix.sysctl:
|
ansible.posix.sysctl:
|
||||||
name: net.ipv4.ip_unprivileged_port_start
|
name: net.ipv4.ip_unprivileged_port_start
|
||||||
value: "80"
|
value: "20"
|
||||||
sysctl_set: true
|
sysctl_set: true
|
||||||
|
|
||||||
- name: Enable podman socket
|
- name: Enable podman socket
|
||||||
@ -65,13 +78,22 @@
|
|||||||
dest: /etc/containers/containers.conf
|
dest: /etc/containers/containers.conf
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: Change podman default subnet
|
- name: Set podman default subnet into small /24 networks
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/containers/containers.conf
|
path: /etc/containers/containers.conf
|
||||||
regex: "^(.*)default_subnet = (.*)$"
|
regex: "^(.*)default_subnet = (.*)$"
|
||||||
line: 'default_subnet = "172.16.0.0/24"'
|
line: 'default_subnet = "172.16.0.0/24"'
|
||||||
|
|
||||||
|
- name: Force podman netavark network backend instead of CNI
|
||||||
|
become: true
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/containers/containers.conf
|
||||||
|
regexp: "^(.*)network_backend = (.*)$"
|
||||||
|
insertafter: "\\[network\\]"
|
||||||
|
line: 'network_backend = "netavark"'
|
||||||
|
# If regular expressions are passed to both regexp and insertafter, insertafter is only honored if no match for regexp is found.
|
||||||
|
|
||||||
# - name: Reboot
|
# - name: Reboot
|
||||||
# become: true
|
# become: true
|
||||||
# ansible.builtin.reboot:
|
# ansible.builtin.reboot:
|
||||||
|
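Review bot: The added task "Install packages from debian unstable repository" fetches four `.deb` files over plain `http://` and passes them to `ansible.builtin.apt` through `deb:` under `become: true`. As far as I know, that path installs the downloaded file with dpkg and skips the signed-repository check that a normal apt install gets, so nothing visible here verifies what is installed as root. I would download each file first with `ansible.builtin.get_url` and a pinned `checksum:` taken from the signed Packages index, into a root-owned directory, and install from the local path; adding the unstable repository with apt pinning would be the alternative that lets APT verify the packages itself. Separately, the sysctl hunk appears to lower `net.ipv4.ip_unprivileged_port_start` from "80" to "20", which lets any unprivileged local process bind ports such as 22 and 25; a comment naming the port the containers need, or a narrower value, would help.

```yaml
# constructed variables: unstable_debs is a list of {url, sha256} built from the
# four URLs in the loop; deb_cache_dir is a root-owned directory (mode 0755)
- name: Download packages from debian unstable with a pinned checksum
  become: true
  ansible.builtin.get_url:
    url: "{{ item.url }}"
    dest: "{{ deb_cache_dir }}/{{ item.url | basename }}"
    checksum: "sha256:{{ item.sha256 }}"  # <SHA256 from the signed Packages index>
    mode: "0644"
  loop: "{{ unstable_debs }}"

- name: Install packages from debian unstable repository
  become: true
  ansible.builtin.apt:
    deb: "{{ deb_cache_dir }}/{{ item.url | basename }}"
    state: present
  loop: "{{ unstable_debs }}"
```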