Role - edpm-podman

osp.edpm.edpm_podman role – The main entry point for the edpm_podman role.

Entry point main – The main entry point for the edpm_podman role.

Synopsis

Parameters

Parameter

Comments

edpm_buildah_packages

list / elements=string

Name of buildah package to be installed.

Default: ["buildah"]

edpm_container_default_network_backend

string

Default: "netavark"

edpm_container_default_pids_limit

integer

Default: 4096

edpm_container_default_runtime

string

Default: "crun"

edpm_container_events_logger_mechanism

string

Default: "journald"

edpm_container_registry_insecure_registries

list / elements=string

Default: []

edpm_container_registry_login

boolean

Choices:

  • false ← (default)

  • true

edpm_container_registry_logins

dictionary

Default: {}

edpm_podman_auth_file

string

Location of authentication file to be used by podman.

Default: "~/.config/containers/auth.json"

edpm_podman_buildah_login

boolean

Choices:

  • false ← (default)

  • true

edpm_podman_default_network_config

dictionary

This is the default network configuration except the range has been moved from 10.88.0.0/16 to 10.255.255.0/24 to try and prevent a conflict in an existing cloud

Default: {"cniVersion": "0.4.0", "name": "podman", "plugins": [{"bridge": "cni-podman0", "hairpinMode": true, "ipMasq": true, "ipam": {"ranges": [{"gateway": "10.255.255.1", "subnet": "10.255.255.0/24"}], "routes": [{"dst": "0.0.0.0/0"}], "type": "host-local"}, "isGateway": true, "type": "bridge"}, {"capabilities": {"portMappings": true}, "type": "portmap"}, {"type": "firewall"}, {"type": "tuning"}]}

edpm_podman_disconnected_ocp

boolean

Indicates whether the OCP environment we’re deployed from is using a custom registry and specifically a ImageContentSourcePolicy to set registry mirrors.

Choices:

  • false ← (default)

  • true

edpm_podman_download_delay

integer

The seconds between retries for failed download tasks

Default: 5

edpm_podman_download_retries

integer

The number of retries for failed download tasks

Default: 5

edpm_podman_enable_socket

boolean

Choices:

  • false ← (default)

  • true

edpm_podman_hide_sensitive_logs

boolean

Defaults to true unless the “hide_sensitive_logs” variable is set. If it is it takes a precedence.

Choices:

  • false

  • true ← (default)

edpm_podman_kube_registry_url

string

The kubernetes registry URL that will be used for login when edpm_podman_login_kube_registry is true.

Default: "default-route-openshift-image-registry.apps-crc.testing"

edpm_podman_kube_sa_path

string

The path to the serviceaccount directory on the ansible controller node.

Default: "/run/secrets/kubernetes.io/serviceaccount"

edpm_podman_login_kube_registry

boolean

Enable or disable logging into a kubernetes registry using service account credentials on the ansible controller node.

Choices:

  • false ← (default)

  • true

edpm_podman_packages

list / elements=string

Name of podman package to be installed

Default: ["podman"]

edpm_podman_purge_packages

list / elements=string

Default: []

edpm_podman_registries

list / elements=string

edpm_podman_registries requires a list of dictionaries Example: # edpm_podman_registries: # - prefix: quay.io # insecure: false # location: quay.io # mirrors: # - location: 192.168.0.1:8787 # insecure: true # - prefix: registry.redhat.io # insecure: false # location: registry.redhat.io # mirrors: # - location: 192.168.0.2:8787 # insecure: false # - prefix: registry.fedoraproject.org # blocked: true

Default: []

edpm_podman_registries_conf

string

The registries.conf file contents that we will use on each node

Default: ""

edpm_podman_service_unit_description

string

Default: "Podman API service for EDPM purposes"

edpm_podman_service_unit_name

string

Default: "edpm_podman.service"

edpm_podman_socket_path

path

Default: "/var/lib/edpm-podman/podman.sock"

edpm_podman_systemd_drop_in_dependencies

boolean

Tell the edpm_container_manage to inject additional ordering dependencies for the systemd scopes associated to podman containers.

Choices:

  • false

  • true ← (default)

edpm_podman_unqualified_search_registries

list / elements=string

List of package registries

Default: ["registry.redhat.io", "registry.access.redhat.com", "registry.fedoraproject.org", "registry.centos.org", "quay.io"]