--- # Copyright Red Hat, Inc. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - name: Ensure podman is installed become: true ansible.builtin.dnf: name: "{{ cifmw_podman_packages }}" state: present - name: Enable loginctl linger for ansible_user_id when: - cifmw_podman_enable_linger | bool ansible.builtin.command: cmd: "loginctl enable-linger {{ cifmw_podman_user_linger }}" - name: Configure User Namespace for EL 10 when: ansible_distribution_major_version is version('10', '==') vars: target_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" sub_id_start: 100000 sub_id_count: 65536 block: - name: "Ensure subordinate UID entry exists for {{ target_user }}" become: true ansible.builtin.lineinfile: path: /etc/subuid line: "{{ target_user }}:{{ sub_id_start }}:{{ sub_id_count }}" state: present create: true mode: '0644' register: subuid_status - name: "Ensure subordinate GID entry exists for {{ target_user }}" become: true ansible.builtin.lineinfile: path: /etc/subgid line: "{{ target_user }}:{{ sub_id_start }}:{{ sub_id_count }}" state: present create: true mode: '0644' register: subgid_status - name: "Run podman system migrate if subuid/subgid files were changed" ansible.builtin.command: cmd: podman system migrate when: subuid_status.changed or subgid_status.changed changed_when: true register: _migrate_status until: _migrate_status.rc not in [1, 125] retries: 10 delay: 10