Use podman 4.4, netavark 1.4 and aardvark-dns 1.4
parent
bce3f8c9ab
commit
a68f89cd03
@ -1,11 +1,24 @@
|
||||
- name: Install base packages
|
||||
# code: language=ansible
|
||||
|
||||
- name: Install base packages from distro package manager
|
||||
become: true
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- podman
|
||||
- podman-docker
|
||||
- fuse-overlayfs
|
||||
state: present
|
||||
|
||||
# http://ftp.us.debian.org/debian/pool/main/
|
||||
- name: Install packages from debian unstable repository
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
deb: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- http://ftp.us.debian.org/debian/pool/main/n/netavark/netavark_1.4.0-3_amd64.deb
|
||||
- http://ftp.us.debian.org/debian/pool/main/a/aardvark-dns/aardvark-dns_1.4.0-3_amd64.deb
|
||||
- http://ftp.us.debian.org/debian/pool/main/libp/libpod/podman_4.4.0+ds1-1_amd64.deb
|
||||
- http://ftp.us.debian.org/debian/pool/main/libp/libpod/podman-docker_4.4.0+ds1-1_amd64.deb
|
||||
|
||||
- name: Add the 'containers' user
|
||||
become: true
|
||||
ansible.builtin.user:
|
||||
@ -18,7 +31,7 @@
|
||||
|
||||
- name: Add admin pub keys to authorized_keys
|
||||
become: true
|
||||
ansible.posix.authorized_keys:
|
||||
ansible.posix.authorized_key:
|
||||
user: containers
|
||||
key: "{{ item }}"
|
||||
state: present
|
||||
@ -39,7 +52,7 @@
|
||||
become: true
|
||||
ansible.posix.sysctl:
|
||||
name: net.ipv4.ip_unprivileged_port_start
|
||||
value: "80"
|
||||
value: "20"
|
||||
sysctl_set: true
|
||||
|
||||
- name: Enable podman socket
|
||||
@ -65,13 +78,22 @@
|
||||
dest: /etc/containers/containers.conf
|
||||
mode: 0644
|
||||
|
||||
- name: Change podman default subnet
|
||||
- name: Set podman default subnet into small /24 networks
|
||||
become: true
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/containers/containers.conf
|
||||
regex: "^(.*)default_subnet = (.*)$"
|
||||
line: 'default_subnet = "172.16.0.0/24"'
|
||||
|
||||
- name: Force podman netavark network backend instead of CNI
|
||||
become: true
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/containers/containers.conf
|
||||
regexp: "^(.*)network_backend = (.*)$"
|
||||
insertafter: "\\[network\\]"
|
||||
line: 'network_backend = "netavark"'
|
||||
# If regular expressions are passed to both regexp and insertafter, insertafter is only honored if no match for regexp is found.
|
||||
|
||||
# - name: Reboot
|
||||
# become: true
|
||||
# ansible.builtin.reboot:
|
||||
|
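Review bot: The new "Install packages from debian unstable repository" task passes four plain `http://` pool URLs straight to `ansible.builtin.apt: deb:` under `become: true`, so the packages are installed as root with no integrity check visible in the task. A `.deb` installed directly from a URL does not go through apt's signed repository metadata, and nothing here pins a digest. Whoever can alter the response or the mirror content therefore decides what gets installed. Download each file first with `ansible.builtin.get_url` and a pinned `checksum`, then point `deb:` at the verified local file; alternatively, add the unstable suite as a pinned apt source so the normal signature chain applies. In the sketch below, the digest values and the `deb_cache_dir` variable are placeholders, not values from this repository.

```yaml
- name: Download pinned packages from debian unstable and verify digests
  become: true
  ansible.builtin.get_url:
    url: "{{ item.url }}"
    # deb_cache_dir is a constructed placeholder variable; the directory must already exist
    dest: "{{ deb_cache_dir }}/{{ item.url | basename }}"
    checksum: "sha256:{{ item.sha256 }}"
    mode: "0644"
  loop:
    - url: http://ftp.us.debian.org/debian/pool/main/n/netavark/netavark_1.4.0-3_amd64.deb
      sha256: "<SHA256_PLACEHOLDER>"
    # … same shape for the aardvark-dns, podman and podman-docker packages …

- name: Install packages from debian unstable repository
  become: true
  ansible.builtin.apt:
    deb: "{{ deb_cache_dir }}/{{ item | basename }}"
    state: present
  # … unchanged: loop over the four package URLs …
```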