ansible-podman-collections
podman_container with generate_systemd does not update image tag in systemd unit file
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Not sure if it's a feature that my colleague and I didn't expect (systemd units are not overwritten), or a bug.
Description
Sometimes, when using podman_container, after I update the image tag in the image field or add volumes, the changes do not get reflected in the systemd unit file. Note that a unit file already exists, and that the debug logs clearly show the fields are accounted for by the Ansible task, but do not make it to the unit file.
Steps to reproduce the issue:
- Generate a systemd unit with the podman_container task
- Update some fields
- Re-run the job
Describe the results you received: Systemd unit file is based on old task fields.
Describe the results you expected: Systemd unit file is using the new values.
Additional information you deem important (e.g. issue happens only occasionally): Note that this does not always happen, it can sometimes work, but it seems to happen only on certain projects that do not look like they have anything special when we investigate.
Version of the containers.podman collection:
happens on both 1.10.2 and 1.9.4
Either git commit if installed from git: git show --summary
commit 33b28086ec551cbbd3970d6deb5ac8bab567d202 (HEAD, tag: 1.9.4)
Or version from ansible-galaxy if installed from galaxy: ansible-galaxy collection list | grep containers.podman
1.10.2
Output of ansible --version:
ansible [core 2.15.2]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/quentin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.11/site-packages/ansible
ansible collection location = /home/quentin/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/sbin/ansible
python version = 3.11.3 (main, Jun 5 2023, 09:32:32) [GCC 13.1.1 20230429] (/usr/bin/python)
jinja version = 3.1.2
libyaml = True
Output of podman version:
podman version 4.4.1 (remote version)
Output of podman info --debug: (taken from one of the remote servers that is the target of this task)
host:
  arch: amd64
  buildahVersion: 1.29.0
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.6-1.module+el8.8.0+18098+9b44df5f.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.6, commit: 8c4ab5a095127ecc96ef8a9c885e0e1b14aeb11b'
  cpuUtilization:
    idlePercent: 97.3
    systemPercent: 1.3
    userPercent: 1.4
  cpus: 4
  distribution:
    distribution: '"rhel"'
    version: "8.8"
  eventLogger: file
  hostname: ********************
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 32964
      size: 1
    - container_id: 1
      host_id: 493216
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1203
      size: 1
    - container_id: 1
      host_id: 493216
      size: 65536
  kernel: 4.18.0-477.15.1.el8_8.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 287870976
  memTotal: 8070377472
  networkBackend: cni
  ociRuntime:
    name: runc
    package: runc-1.1.4-1.module+el8.8.0+18060+3f21f2cc.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.1.4
      spec: 1.0.2-dev
      go: go1.19.4
      libseccomp: 2.5.2
  os: linux
  remoteSocket:
    path: /run/user/1203/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_SYS_CHROOT,CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-2.module+el8.8.0+18060+3f21f2cc.x86_64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 1068756992
  swapTotal: 2147479552
  uptime: 672h 6m 30.00s (Approximately 28.00 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /opt/mount1/*******/.config/containers/storage.conf
  containerStore:
    number: 9
    paused: 0
    running: 3
    stopped: 6
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /opt/mount1/******/.local/share/containers/storage
  graphRootAllocated: 150246264832
  graphRootUsed: 2861006848
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 3
  runRoot: /tmp/containers-user-1203/containers
  transientStore: false
  volumePath: /opt/mount1/*****/.local/share/containers/storage/volumes
version:
  APIVersion: 4.4.1
  Built: 1686839996
  BuiltTime: Thu Jun 15 14:39:56 2023
  GitCommit: ""
  GoVersion: go1.19.6
  Os: linux
  OsArch: linux/amd64
  Version: 4.4.1
Package info (e.g. output of rpm -q podman or apt list podman):
podman-4.4.1-14.module+el8.8.0+19108+ffbdcd02.x86_64
Playbook you run with ansible (e.g. content of playbook.yaml):
- name: Deploy ***********
  hosts: myapp
  become: yes
  become_user: "{{ remote_server_user }}"
  become_method: su
  become_exe: sudo su -
  vars_files:
    - vars/variables.yml
    - vars/credentials.yml
  tasks:
    - name: Get user uid
      shell: id -u
      register: user_id
      tags: myapp
    - name: Get home folder path
      shell: "echo $HOME"
      register: home_dir
      tags: myapp
    - name: Ensure the myappfolder exists
      file:
        path: "{{ home_dir.stdout }}/myapp/"
        state: directory
        mode: "0774"
      tags: myapp
    - name: Ensure the myapp config script exists
      copy:
        content: ""
        dest: "{{ home_dir.stdout }}/myapp/.myapprc"
        force: false
        mode: "0664"
      tags: myapp
    - name: Ensure the certif folder exists
      file:
        path: "{{ home_dir.stdout }}/certificates"
        state: directory
        mode: "0774"
      tags: myapp
    - name: Log in to the container image registry
      containers.podman.podman_login:
        registry: "{{ container_registry }}"
        username: "{{ container_registry_user }}"
        password: "{{ container_registry_password }}"
      tags: myapp
    - name: Pull the container image
      containers.podman.podman_image:
        name: "{{ my_app_container_image }}"
        tag: "{{ my_app_container_image_tag }}"
      tags: myapp
    - name: Get the container working directory
      shell: "podman run {{ my_app_container_image }}:{{ my_app_container_image_tag }} pwd"
      register: "container_dir"
      tags: myapp
    - name: Ensure a myapp container is started
      containers.podman.podman_container:
        name: myapp
        image: "{{ my_app_container_image }}:{{ my_app_container_image_tag }}"
        generate_systemd:
          path: "{{ home_dir.stdout }}/.config/systemd/user"
          restart_policy: "always"
          new: true
        network: "host"
        volumes:
          - "{{ home_dir.stdout }}/myapp/.myapprc:{{ container_dir.stdout }}/.myapprc"
          - "{{ home_dir.stdout }}/certificates:{{ container_dir.stdout }}/certs:z"
        log_driver: "journald"
        log_opt:
          tag: "myapp"
      tags: myapp
    - name: Enable systemd user service
      ansible.builtin.shell: |
        systemctl --user daemon-reload
        systemctl --user enable container-myapp
        systemctl --user restart container-myapp
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ user_id.stdout }}"
      tags: myapp
Command line and output of ansible run with high verbosity
Please NOTE: if you submit a bug about idempotency, run the playbook with --diff option, like:
ansible-playbook -i inventory --diff -vv playbook.yml
TASK [Ensure a myapp container is started] ***********************************************************************************************************************
task path: /mnt/c/Users/QuentinFaidide/Documents/Dev/myapp-app/deployment/deploy_myapp.yml:62
<myserver.myhost.net> ESTABLISH SSH CONNECTION FOR USER: faqu970
<myserver.myhost.net> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="faqu970"' -o ConnectTimeout=10 -o 'ControlPath="/home/quentin/.ansible/cp/28e4ede5e1"' myserver.myhost.net '/bin/sh -c '"'"'echo ~faqu970 && sleep 0'"'"''
<myserver.myhost.net> (0, b'/home/faqu970\n', b'')
<myserver.myhost.net> ESTABLISH SSH CONNECTION FOR USER: faqu970
<myserver.myhost.net> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="faqu970"' -o ConnectTimeout=10 -o 'ControlPath="/home/quentin/.ansible/cp/28e4ede5e1"' myserver.myhost.net '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1693317396.1586604-8834-275775841071865 `" && echo ansible-tmp-1693317396.1586604-8834-275775841071865="` echo /var/tmp/ansible-tmp-1693317396.1586604-8834-275775841071865 `" ) && sleep 0'"'"''
<myserver.myhost.net> (0, b'ansible-tmp-1693317396.1586604-8834-275775841071865=/var/tmp/ansible-tmp-1693317396.1586604-8834-275775841071865\n', b'')
Using module file /home/quentin/.ansible/collections/ansible_collections/containers/podman/plugins/modules/podman_container.py
<myserver.myhost.net> PUT /home/quentin/.ansible/tmp/ansible-local-8659s_xfv44g/tmp9m_2lfqg TO /var/tmp/ansible-tmp-1693317396.1586604-8834-275775841071865/AnsiballZ_podman_container.py
<myserver.myhost.net> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="faqu970"' -o ConnectTimeout=10 -o 'ControlPath="/home/quentin/.ansible/cp/28e4ede5e1"' '[myserver.myhost.net]'
<myserver.myhost.net> (0, b'sftp> put /home/quentin/.ansible/tmp/ansible-local-8659s_xfv44g/tmp9m_2lfqg /var/tmp/ansible-tmp-1693317396.1586604-8834-275775841071865/AnsiballZ_podman_container.py\n', b'')
<myserver.myhost.net> ESTABLISH SSH CONNECTION FOR USER: faqu970
<myserver.myhost.net> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="faqu970"' -o ConnectTimeout=10 -o 'ControlPath="/home/quentin/.ansible/cp/28e4ede5e1"' myserver.myhost.net '/bin/sh -c '"'"'setfacl -m u:app_user:r-x /var/tmp/ansible-tmp-1693317396.1586604-8834-275775841071865/ /var/tmp/ansible-tmp-1693317396.1586604-8834-275775841071865/AnsiballZ_podman_container.py && sleep 0'"'"''
<myserver.myhost.net> (0, b'', b'')
<myserver.myhost.net> ESTABLISH SSH CONNECTION FOR USER: faqu970
<myserver.myhost.net> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="faqu970"' -o ConnectTimeout=10 -o 'ControlPath="/home/quentin/.ansible/cp/28e4ede5e1"' -tt myserver.myhost.net '/bin/sh -c '"'"'sudo su - app_user -c '"'"'"'"'"'"'"'"'/bin/sh -c '"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-apzysbnslloztrssrjlipatpbfsuaipr ; /usr/libexec/platform-python /var/tmp/ansible-tmp-1693317396.1586604-8834-275775841071865/AnsiballZ_podman_container.py'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"''"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<myserver.myhost.net> (0, b'\r\n{"changed": true, "actions": ["recreated myapp"], "container": {"Id": "2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95", "Created": "2023-08-29T13:56:42.254804828Z", "Path": "pm2-runtime", "Args": ["-i", "0", "--max-memory-restart", "400M", "--name", "myapp-app", "./lib/myapp-app.js"], "State": {"OciVersion": "1.1.0-rc.1", "Status": "stopping", "Running": false, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 3746838, "ConmonPid": 3746827, "ExitCode": 0, "Error": "", "StartedAt": "2023-08-29T13:56:42.51400817Z", "FinishedAt": "0001-01-01T00:00:00Z", "Health": {"Status": "", "FailingStreak": 0, "Log": null}, "CheckpointedAt": "0001-01-01T00:00:00Z", "RestoredAt": "0001-01-01T00:00:00Z"}, "Image": "14409308eb572b3b7a33e33d5adfffdda41b8273e8f8026507928866e97e23f2", "ImageDigest": "sha256:c90b73eebcd41a21d7f682fb875c436cd4ca27d0684c3c8d6bb991799a6e440d", "ImageName": "myserver.myhost.net/myapp-app:v2.1.1-container2", "Rootfs": "", "Pod": "", "ResolvConfPath": "/run/user/1203/containers/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/resolv.conf", "HostnamePath": "/run/user/1203/containers/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/hostname", "HostsPath": "/run/user/1203/containers/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/hosts", "StaticDir": "/opt/mount1/app_user/.local/share/containers/storage/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata", "OCIConfigPath": "/opt/mount1/app_user/.local/share/containers/storage/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/config.json", "OCIRuntime": "runc", "ConmonPidFile": "/run/user/1203/containers/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/conmon.pid", "PidFile": 
"/run/user/1203/containers/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/pidfile", "Name": "myapp", "RestartCount": 0, "Driver": "overlay", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "EffectiveCaps": ["CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT"], "BoundingCaps": ["CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT"], "ExecIDs": [], "GraphDriver": {"Name": "overlay", "Data": {"LowerDir": "/opt/mount1/app_user/.local/share/containers/storage/overlay/359b909a30e4a1ae2725591d28b62cf68c6c9d290d93ac5f6854d2c0aafc7e55/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/8c2df8c216c3be8829c1c085f89bf2b448425aec53847ef144d5739a759a54ed/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/994747de14b689d9865fd165b9a3c79f40dbc16635cc362c55946a2f6e236ff1/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/30a4828d27f79a4e1e9f438880e31d12985905898229e78224af058c7fb6e767/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/96e65f3db162dca4e2e5052f03f161df1690e1ff5023cd662a04a1275a02f961/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/21c7691a8ee4057792e6dbdbc77e839f67ee7337d8743c2c7410078bef66b78a/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/b61e5ed27f707ca925fea525a7b5bba0480f1caabf5f637c85050c844b601934/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/611d8a3a70547a891098c95bcd748f62d0fd6ca8b9975ce74fd6423428986da7/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/49cadbcf63c6222b74f40b632ac94be8a330e5fdf1030e9cb84465f4c9aaa317/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/a2ae92ffcd29f7ededa0320f4a4
fd709a723beae9a4e681696874932db7aee2c/diff", "MergedDir": "/opt/mount1/app_user/.local/share/containers/storage/overlay/1f7cd129d2805a8bcc2bc7863c0f764ac96f54f66918fd7720fdf2a7957cbe73/merged", "UpperDir": "/opt/mount1/app_user/.local/share/containers/storage/overlay/1f7cd129d2805a8bcc2bc7863c0f764ac96f54f66918fd7720fdf2a7957cbe73/diff", "WorkDir": "/opt/mount1/app_user/.local/share/containers/storage/overlay/1f7cd129d2805a8bcc2bc7863c0f764ac96f54f66918fd7720fdf2a7957cbe73/work"}}, "Mounts": [{"Type": "bind", "Source": "/opt/mount1/app_user/myapp/.myapprc", "Destination": "/usr/src/app/.myapprc", "Driver": "", "Mode": "", "Options": ["rbind"], "RW": true, "Propagation": "rprivate"}, {"Type": "bind", "Source": "/opt/mount1/app_user/certificates", "Destination": "/usr/src/app/certs", "Driver": "", "Mode": "", "Options": ["rbind"], "RW": true, "Propagation": "rprivate"}], "Dependencies": [], "NetworkSettings": {"EndpointID": "", "Gateway": "", "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "", "Bridge": "", "SandboxID": "", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": {}, "SandboxKey": ""}, "Namespace": "", "IsInfra": false, "IsService": false, "Config": {"Hostname": "myserver.myhost.net", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": ["NPM_CONFIG_LOGLEVEL=info", "NODE_VERSION=6.9.5", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "TERM=xterm", "container=podman", "HOME=/root", "HOSTNAME=myserver.myhost.net"], "Cmd": ["pm2-runtime", "-i", "0", "--max-memory-restart", "400M", "--name", "myapp-app", "./lib/myapp-app.js"], "Image": "myserver.myhost.net/myapp-app:v2.1.1-container2", "Volumes": null, "WorkingDir": "/usr/src/app", "Entrypoint": "", "OnBuild": null, "Labels": {"io.buildah.version": "1.31.0"}, "Annotations": 
{"io.container.manager": "libpod", "org.opencontainers.image.base.digest": "sha256:cf454b60ee452473f963f60ff18ba75b8e900174aae9bf0e8051e5a83db85b30", "org.opencontainers.image.base.name": "docker.io/library/node:6.9.5", "org.opencontainers.image.stopSignal": "15"}, "StopSignal": 15, "HealthcheckOnFailureAction": "none", "CreateCommand": ["podman", "container", "run", "--name", "myapp", "--network", "host", "--log-driver", "journald", "--log-opt", "tag=myapp", "--volume", "/opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc", "--volume", "/opt/mount1/app_user/certificates:/usr/src/app/certs:z", "--detach=True", "myserver.myhost.net/myapp-app:v2.1.1-container2"], "Umask": "0022", "Timeout": 0, "StopTimeout": 10, "Passwd": true, "sdNotifyMode": "container"}, "HostConfig": {"Binds": ["/opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc:rw,rprivate,rbind", "/opt/mount1/app_user/certificates:/usr/src/app/certs:rw,rprivate,rbind"], "CgroupManager": "cgroupfs", "CgroupMode": "host", "ContainerIDFile": "", "LogConfig": {"Type": "journald", "Config": null, "Path": "", "Tag": "myapp", "Size": "0B"}, "NetworkMode": "host", "PortBindings": {}, "RestartPolicy": {"Name": "", "MaximumRetryCount": 0}, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": [], "CapDrop": [], "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": [], "GroupAdd": [], "IpcMode": "shareable", "Cgroup": "", "Cgroups": "default", "Links": null, "OomScoreAdj": 0, "PidMode": "private", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": [], "Tmpfs": {}, "UTSMode": "private", "UsernsMode": "", "ShmSize": 65536000, "Runtime": "oci", "ConsoleSize": [0, 0], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": null, "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, 
"CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": 0, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": [], "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0, "CgroupConf": null}}, "podman_actions": ["podman stop myapp", "podman rm -f myapp", "podman run --name myapp --network host --log-driver journald --log-opt tag=myapp --volume /opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc --volume /opt/mount1/app_user/certificates:/usr/src/app/certs:z --detach=True
myserver.myhost.net/myapp-app:v2.1.1-container2"], "stdout": "2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95\\n", "stderr": "", "podman_systemd": {"container-myapp": "# container-myapp.service\\n# autogenerated by Podman 4.4.1\\n# Tue Aug 29 13:56:42 UTC 2023\\n\\n[Unit]\\nDescription=Podman container-myapp.service\\nDocumentation=man:podman-generate-systemd(1)\\nWants=network-online.target\\nAfter=network-online.target\\nRequiresMountsFor=%t/containers\\n\\n[Service]\\nEnvironment=PODMAN_SYSTEMD_UNIT=%n\\nRestart=always\\nTimeoutStopSec=70\\nExecStart=/usr/bin/podman container run \\\\\\n\\t--cidfile=%t/%n.ctr-id \\\\\\n\\t--cgroups=no-conmon \\\\\\n\\t--rm \\\\\\n\\t--sdnotify=conmon \\\\\\n\\t--replace \\\\\\n\\t--name myapp \\\\\\n\\t--network host \\\\\\n\\t--log-driver journald \\\\\\n\\t--log-opt tag=myapp \\\\\\n\\t--volume /opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc \\\\\\n\\t--volume /opt/mount1/app_user/certificates:/usr/src/app/certs:z \\\\\\n\\t--detach=True myserver.myhost.net/myapp-app:v2.1.1-container\\nExecStop=/usr/bin/podman stop \\\\\\n\\t--ignore -t 10 \\\\\\n\\t--cidfile=%t/%n.ctr-id\\nExecStopPost=/usr/bin/podman rm \\\\\\n\\t-f \\\\\\n\\t--ignore -t 10 \\\\\\n\\t--cidfile=%t/%n.ctr-id\\nType=notify\\nNotifyAccess=all\\n\\n[Install]\\nWantedBy=default.target\\n"}, "invocation": {"module_args": {"name": "myapp", "image": "myserver.myhost.net/myapp-app:v2.1.1-container2", "generate_systemd": {"path": "/opt/mount1/app_user/.config/systemd/user", "restart_policy": "always", "new": true}, "network": ["host"], "volumes": ["/opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc", "/opt/mount1/app_user/certificates:/usr/src/app/certs:z"], "log_driver": "journald", "log_opt": {"tag": "myapp", "max_size": null, "path": null}, "volume": ["/opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc", "/opt/mount1/app_user/certificates:/usr/src/app/certs:z"], "executable": "podman", "state": "started", "detach": true, 
"debug": false, "force_restart": false, "image_strict": false, "recreate": false, "annotation": null, "authfile": null, "blkio_weight": null, "blkio_weight_device": null, "cap_add": null, "cap_drop": null, "cgroup_parent": null, "cgroupns": null, "cgroups": null, "cidfile": null, "cmd_args": null, "conmon_pidfile": null, "command": null, "cpu_period": null, "cpu_rt_period": null, "cpu_rt_runtime": null, "cpu_shares": null, "cpus": null, "cpuset_cpus": null, "cpuset_mems": null, "detach_keys": null, "device": null, "device_read_bps": null, "device_read_iops": null, "device_write_bps": null, "device_write_iops": null, "dns": null, "dns_option": null, "dns_search": null, "entrypoint": null, "env": null, "env_file": null, "env_host": null, "etc_hosts": null, "expose": null, "gidmap": null, "group_add": null, "healthcheck": null, "healthcheck_interval": null, "healthcheck_retries": null, "healthcheck_start_period": null, "healthcheck_timeout": null, "hostname": null, "http_proxy": null, "image_volume": null, "init": null, "init_path": null, "interactive": null, "ip": null, "ipc": null, "kernel_memory": null, "label": null, "label_file": null, "log_level": null, "mac_address": null, "memory": null, "memory_reservation": null, "memory_swap": null, "memory_swappiness": null, "mount": null, "network_aliases": null, "no_hosts": null, "oom_kill_disable": null, "oom_score_adj": null, "pid":
null, "pids_limit": null, "pod": null, "privileged": null, "publish": null, "publish_all": null, "read_only": null, "read_only_tmpfs": null, "requires": null, "restart_policy": null, "rm": null, "rootfs": null, "secrets": null, "security_opt": null, "shm_size": null, "sig_proxy": null, "stop_signal": null, "stop_timeout": null, "subgidname": null, "subuidname": null, "sysctl": null, "systemd": null, "timezone": null, "tmpfs": null, "tty": null, "uidmap": null, "ulimit": null, "user":
null, "userns": null, "uts": null, "volumes_from": null, "workdir": null}}}\r\n', b'Shared connection to myserver.myhost.net closed.\r\n')
<myserver.myhost.net> ESTABLISH SSH CONNECTION FOR USER: faqu970
<myserver.myhost.net> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="faqu970"' -o ConnectTimeout=10 -o 'ControlPath="/home/quentin/.ansible/cp/28e4ede5e1"' myserver.myhost.net '/bin/sh -c '"'"'rm -f -r /var/tmp/ansible-tmp-1693317396.1586604-8834-275775841071865/ > /dev/null 2>&1 &&
sleep 0'"'"''
<myserver.myhost.net> (0, b'', b'')
changed: [myapp_01] => {
"actions": [
"recreated myapp"
],
"changed": true,
"container": {
"AppArmorProfile": "",
"Args": [
"-i",
"0",
"--max-memory-restart",
"400M",
"--name",
"myapp-app",
"./lib/myapp-app.js"
],
"BoundingCaps": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_NET_RAW",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT"
],
"Config": {
"Annotations": {
"io.container.manager": "libpod",
"org.opencontainers.image.base.digest": "sha256:cf454b60ee452473f963f60ff18ba75b8e900174aae9bf0e8051e5a83db85b30",
"org.opencontainers.image.base.name": "docker.io/library/node:6.9.5",
"org.opencontainers.image.stopSignal": "15"
},
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"pm2-runtime",
"-i",
"0",
"--max-memory-restart",
"400M",
"--name",
"myapp-app",
"./lib/myapp-app.js"
],
"CreateCommand": [
"podman",
"container",
"run",
"--name",
"myapp",
"--network",
"host",
"--log-driver",
"journald",
"--log-opt",
"tag=myapp",
"--volume",
"/opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc",
"--volume",
"/opt/mount1/app_user/certificates:/usr/src/app/certs:z",
"--detach=True",
"myserver.myhost.net/myapp-app:v2.1.1-container2"
],
"Domainname": "",
"Entrypoint": "",
"Env": [
"NPM_CONFIG_LOGLEVEL=info",
"NODE_VERSION=6.9.5",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
"container=podman",
"HOME=/root",
"HOSTNAME=myserver.myhost.net"
],
"HealthcheckOnFailureAction": "none",
"Hostname": "myserver.myhost.net",
"Image": "myserver.myhost.net/myapp-app:v2.1.1-container2",
"Labels": {
"io.buildah.version": "1.31.0"
},
"OnBuild": null,
"OpenStdin": false,
"Passwd": true,
"StdinOnce": false,
"StopSignal": 15,
"StopTimeout": 10,
"Timeout": 0,
"Tty": false,
"Umask": "0022",
"User": "",
"Volumes": null,
"WorkingDir": "/usr/src/app",
"sdNotifyMode": "container"
},
"ConmonPidFile": "/run/user/1203/containers/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/conmon.pid",
"Created": "2023-08-29T13:56:42.254804828Z",
"Dependencies": [],
"Driver": "overlay",
"EffectiveCaps": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_NET_RAW",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT"
],
"ExecIDs": [],
"GraphDriver": {
"Data": {
"LowerDir": "/opt/mount1/app_user/.local/share/containers/storage/overlay/359b909a30e4a1ae2725591d28b62cf68c6c9d290d93ac5f6854d2c0aafc7e55/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/8c2df8c216c3be8829c1c085f89bf2b448425aec53847ef144d5739a759a54ed/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/994747de14b689d9865fd165b9a3c79f40dbc16635cc362c55946a2f6e236ff1/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/30a4828d27f79a4e1e9f438880e31d12985905898229e78224af058c7fb6e767/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/96e65f3db162dca4e2e5052f03f161df1690e1ff5023cd662a04a1275a02f961/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/21c7691a8ee4057792e6dbdbc77e839f67ee7337d8743c2c7410078bef66b78a/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/b61e5ed27f707ca925fea525a7b5bba0480f1caabf5f637c85050c844b601934/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/611d8a3a70547a891098c95bcd748f62d0fd6ca8b9975ce74fd6423428986da7/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/49cadbcf63c6222b74f40b632ac94be8a330e5fdf1030e9cb84465f4c9aaa317/diff:/opt/mount1/app_user/.local/share/containers/storage/overlay/a2ae92ffcd29f7ededa0320f4a4fd709a723beae9a4e681696874932db7aee2c/diff",
"MergedDir": "/opt/mount1/app_user/.local/share/containers/storage/overlay/1f7cd129d2805a8bcc2bc7863c0f764ac96f54f66918fd7720fdf2a7957cbe73/merged",
"UpperDir": "/opt/mount1/app_user/.local/share/containers/storage/overlay/1f7cd129d2805a8bcc2bc7863c0f764ac96f54f66918fd7720fdf2a7957cbe73/diff",
"WorkDir": "/opt/mount1/app_user/.local/share/containers/storage/overlay/1f7cd129d2805a8bcc2bc7863c0f764ac96f54f66918fd7720fdf2a7957cbe73/work"
},
"Name": "overlay"
},
"HostConfig": {
"AutoRemove": false,
"Binds": [
"/opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc:rw,rprivate,rbind",
"/opt/mount1/app_user/certificates:/usr/src/app/certs:rw,rprivate,rbind"
],
"BlkioDeviceReadBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceWriteIOps": null,
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"CapAdd": [],
"CapDrop": [],
"Cgroup": "",
"CgroupConf": null,
"CgroupManager": "cgroupfs",
"CgroupMode": "host",
"CgroupParent": "",
"Cgroups": "default",
"ConsoleSize": [
0,
0
],
"ContainerIDFile": "",
"CpuCount": 0,
"CpuPercent": 0,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpuShares": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DiskQuota": 0,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": [],
"GroupAdd": [],
"IOMaximumBandwidth": 0,
"IOMaximumIOps": 0,
"IpcMode": "shareable",
"Isolation": "",
"KernelMemory": 0,
"Links": null,
"LogConfig": {
"Config": null,
"Path": "",
"Size": "0B",
"Tag": "myapp",
"Type": "journald"
},
"Memory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": 0,
"NanoCpus": 0,
"NetworkMode": "host",
"OomKillDisable": false,
"OomScoreAdj": 0,
"PidMode": "private",
"PidsLimit": 0,
"PortBindings": {},
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"RestartPolicy": {
"MaximumRetryCount": 0,
"Name": ""
},
"Runtime": "oci",
"SecurityOpt": [],
"ShmSize": 65536000,
"Tmpfs": {},
"UTSMode": "private",
"Ulimits": [],
"UsernsMode": "",
"VolumeDriver": "",
"VolumesFrom": null
},
"HostnamePath": "/run/user/1203/containers/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/hostname",
"HostsPath": "/run/user/1203/containers/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/hosts",
"Id": "2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95",
"Image": "14409308eb572b3b7a33e33d5adfffdda41b8273e8f8026507928866e97e23f2",
"ImageDigest": "sha256:c90b73eebcd41a21d7f682fb875c436cd4ca27d0684c3c8d6bb991799a6e440d",
"ImageName": "myserver.myhost.net/myapp-app:v2.1.1-container2",
"IsInfra": false,
"IsService": false,
"MountLabel": "",
"Mounts": [
{
"Destination": "/usr/src/app/.myapprc",
"Driver": "",
"Mode": "",
"Options": [
"rbind"
],
"Propagation": "rprivate",
"RW": true,
"Source": "/opt/mount1/app_user/myapp/.myapprc",
"Type": "bind"
},
{
"Destination": "/usr/src/app/certs",
"Driver": "",
"Mode": "",
"Options": [
"rbind"
],
"Propagation": "rprivate",
"RW": true,
"Source": "/opt/mount1/app_user/certificates",
"Type": "bind"
}
],
"Name": "myapp",
"Namespace": "",
"NetworkSettings": {
"Bridge": "",
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"HairpinMode": false,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"MacAddress": "",
"Ports": {},
"SandboxID": "",
"SandboxKey": ""
},
"OCIConfigPath": "/opt/mount1/app_user/.local/share/containers/storage/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/config.json",
"OCIRuntime": "runc",
"Path": "pm2-runtime",
"PidFile": "/run/user/1203/containers/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/pidfile",
"Pod": "",
"ProcessLabel": "",
"ResolvConfPath": "/run/user/1203/containers/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata/resolv.conf",
"RestartCount": 0,
"Rootfs": "",
"State": {
"CheckpointedAt": "0001-01-01T00:00:00Z",
"ConmonPid": 3746827,
"Dead": false,
"Error": "",
"ExitCode": 0,
"FinishedAt": "0001-01-01T00:00:00Z",
"Health": {
"FailingStreak": 0,
"Log": null,
"Status": ""
},
"OOMKilled": false,
"OciVersion": "1.1.0-rc.1",
"Paused": false,
"Pid": 3746838,
"Restarting": false,
"RestoredAt": "0001-01-01T00:00:00Z",
"Running": false,
"StartedAt": "2023-08-29T13:56:42.51400817Z",
"Status": "stopping"
},
"StaticDir": "/opt/mount1/app_user/.local/share/containers/storage/overlay-containers/2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95/userdata"
},
"invocation": {
"module_args": {
"annotation": null,
"authfile": null,
"blkio_weight": null,
"blkio_weight_device": null,
"cap_add": null,
"cap_drop": null,
"cgroup_parent": null,
"cgroupns": null,
"cgroups": null,
"cidfile": null,
"cmd_args": null,
"command": null,
"conmon_pidfile": null,
"cpu_period": null,
"cpu_rt_period": null,
"cpu_rt_runtime": null,
"cpu_shares": null,
"cpus": null,
"cpuset_cpus": null,
"cpuset_mems": null,
"debug": false,
"detach": true,
"detach_keys": null,
"device": null,
"device_read_bps": null,
"device_read_iops": null,
"device_write_bps": null,
"device_write_iops": null,
"dns": null,
"dns_option": null,
"dns_search": null,
"entrypoint": null,
"env": null,
"env_file": null,
"env_host": null,
"etc_hosts": null,
"executable": "podman",
"expose": null,
"force_restart": false,
"generate_systemd": {
"new": true,
"path": "/opt/mount1/app_user/.config/systemd/user",
"restart_policy": "always"
},
"gidmap": null,
"group_add": null,
"healthcheck": null,
"healthcheck_interval": null,
"healthcheck_retries": null,
"healthcheck_start_period": null,
"healthcheck_timeout": null,
"hostname": null,
"http_proxy": null,
"image": "myserver.myhost.net/myapp-app:v2.1.1-container2",
"image_strict": false,
"image_volume": null,
"init": null,
"init_path": null,
"interactive": null,
"ip": null,
"ipc": null,
"kernel_memory": null,
"label": null,
"label_file": null,
"log_driver": "journald",
"log_level": null,
"log_opt": {
"max_size": null,
"path": null,
"tag": "myapp"
},
"mac_address": null,
"memory": null,
"memory_reservation": null,
"memory_swap": null,
"memory_swappiness": null,
"mount": null,
"name": "myapp",
"network": [
"host"
],
"network_aliases": null,
"no_hosts": null,
"oom_kill_disable": null,
"oom_score_adj": null,
"pid": null,
"pids_limit": null,
"pod": null,
"privileged": null,
"publish": null,
"publish_all": null,
"read_only": null,
"read_only_tmpfs": null,
"recreate": false,
"requires": null,
"restart_policy": null,
"rm": null,
"rootfs": null,
"secrets": null,
"security_opt": null,
"shm_size": null,
"sig_proxy": null,
"state": "started",
"stop_signal": null,
"stop_timeout": null,
"subgidname": null,
"subuidname": null,
"sysctl": null,
"systemd": null,
"timezone": null,
"tmpfs": null,
"tty": null,
"uidmap": null,
"ulimit": null,
"user": null,
"userns": null,
"uts": null,
"volume": [
"/opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc",
"/opt/mount1/app_user/certificates:/usr/src/app/certs:z"
],
"volumes": [
"/opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc",
"/opt/mount1/app_user/certificates:/usr/src/app/certs:z"
],
"volumes_from": null,
"workdir": null
}
},
"podman_actions": [
"podman stop myapp",
"podman rm -f myapp",
"podman run --name myapp --network host --log-driver journald --log-opt tag=myapp --volume /opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc --volume /opt/mount1/app_user/certificates:/usr/src/app/certs:z --detach=True myserver.myhost.net/myapp-app:v2.1.1-container2"
],
"podman_systemd": {
"container-myapp": "# container-myapp.service\n# autogenerated by Podman 4.4.1\n# Tue Aug 29 13:56:42 UTC 2023\n\n[Unit]\nDescription=Podman container-myapp.service\nDocumentation=man:podman-generate-systemd(1)\nWants=network-online.target\nAfter=network-online.target\nRequiresMountsFor=%t/containers\n\n[Service]\nEnvironment=PODMAN_SYSTEMD_UNIT=%n\nRestart=always\nTimeoutStopSec=70\nExecStart=/usr/bin/podman container run \\\n\t--cidfile=%t/%n.ctr-id \\\n\t--cgroups=no-conmon \\\n\t--rm \\\n\t--sdnotify=conmon \\\n\t--replace \\\n\t--name myapp \\\n\t--network host \\\n\t--log-driver journald \\\n\t--log-opt tag=myapp \\\n\t--volume /opt/mount1/app_user/myapp/.myapprc:/usr/src/app/.myapprc \\\n\t--volume /opt/mount1/app_user/certificates:/usr/src/app/certs:z \\\n\t--detach=True myserver.myhost.net/myapp-app:v2.1.1-container\nExecStop=/usr/bin/podman stop \\\n\t--ignore -t 10 \\\n\t--cidfile=%t/%n.ctr-id\nExecStopPost=/usr/bin/podman rm \\\n\t-f \\\n\t--ignore -t 10 \\\n\t--cidfile=%t/%n.ctr-id\nType=notify\nNotifyAccess=all\n\n[Install]\nWantedBy=default.target\n"
},
"stderr": "",
"stderr_lines": [],
"stdout": "2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95\n",
"stdout_lines": [
"2b67b52179826e208b540dd75697583c15f4226b8bef32665aa4cd8024c60a95"
]
}
Read vars_file 'vars/variables.yml'
Read vars_file 'vars/credentials.yml'
Additional environment details (AWS, VirtualBox, physical, etc.): Virtual machine in a private cloud. Machine using strange agents that interact with the network like McAfee services.
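The result above shows the mismatch this issue describes: `invocation.module_args.image` ends in `v2.1.1-container2` while the `ExecStart` line inside `podman_systemd` still ends in `v2.1.1-container`, so restarting the unit would bring the old image back. One way to check a registered `podman_container` result for that drift, as an added example that is not part of the original report or of the collection's code (the function names and the trimmed sample dictionary are constructed for illustration):

```python
import re
import shlex

# Constructed sample: the relevant keys of the module result in this issue, trimmed.
SAMPLE_RESULT = {
    "invocation": {"module_args": {"image": "myserver.myhost.net/myapp-app:v2.1.1-container2"}},
    "podman_systemd": {"container-myapp": (
        "[Service]\n"
        "ExecStart=/usr/bin/podman container run \\\n"
        "\t--cidfile=%t/%n.ctr-id \\\n"
        "\t--replace \\\n"
        "\t--name myapp \\\n"
        "\t--volume /opt/mount1/app_user/certificates:/usr/src/app/certs:z \\\n"
        "\t--detach=True myserver.myhost.net/myapp-app:v2.1.1-container\n"
        "ExecStop=/usr/bin/podman stop \\\n"
        "\t--ignore -t 10 \\\n"
        "\t--cidfile=%t/%n.ctr-id\n"
    )},
}

def exec_start_tokens(unit_text):
    """Join backslash-continued lines and return the ExecStart command as tokens."""
    joined = re.sub(r"\\\n\s*", " ", unit_text)
    for line in joined.splitlines():
        if line.startswith("ExecStart="):
            return shlex.split(line[len("ExecStart="):])
    return []

def repo_of(ref):
    """Strip digest and tag; a colon only separates a tag if no '/' follows it."""
    ref = ref.split("@", 1)[0]
    head, sep, tail = ref.rpartition(":")
    return head if sep and "/" not in tail else ref

def find_drift(result):
    """Return (unit, requested_image, image_in_unit) for each unit that lacks the requested image."""
    expected = result["invocation"]["module_args"]["image"]
    drift = []
    for unit, text in (result.get("podman_systemd") or {}).items():
        tokens = exec_start_tokens(text)
        if expected in tokens:
            continue
        stale = [t for t in tokens if not t.startswith("-") and repo_of(t) == repo_of(expected)]
        drift.append((unit, expected, stale[0] if stale else None))
    return drift

if __name__ == "__main__":
    for unit, expected, found in find_drift(SAMPLE_RESULT):
        print(f"{unit}: task asks for {expected}, unit runs {found}")
```

The same comparison can be run against the unit file on disk by passing its contents in place of the `podman_systemd` value.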
Changes are not reflected in the unit file or in the container? I think there is a race condition, related to #585, since you use the flag `new: true`.
I believe both are unchanged. I tried playing with the new flag and reapplying the playbook, and it still would not update. What worked though was to stop the unit, remove the unit files, and let it generate a brand new unit file and container. It then works even if I make another change without deleting the unit files.
If you leave this issue open and need more input, and it reproduces, my teammates will try to set `restart_sec: 5` and will let you know here how it goes. (I will leave my current position tomorrow and won't have access to the stack anymore.)
Yeah, leaving it open until we find an appropriate solution for `new: true`.
I can confirm that `restart_sec` works for me to keep it idempotent.
Example:
```yaml
# Part of the play
- name: Create example container
  containers.podman.podman_container:
    name: "example"
    image: "yourImage"
    state: "created"
    image_strict: true
    rm: true
    publish: "8080:8080"
    detach: true
    privileged: false
    read_only: true
    tty: false
    user: "1090:1090"
    userns: "keep-id"
  become_user: "myappuser"
  notify:
    - restart example

- name: Generate systemd unit file for example container
  containers.podman.podman_generate_systemd:
    dest: "/home/myappuser/.config/systemd/user"
    name: "example"
    new: true
    no_header: true
    restart_sec: 10
    restart_policy: "always"
  become_user: "myappuser"
  notify:
    - restart example

# Role handler:
- name: restart example
  ansible.builtin.systemd:
    name: "container-example.service"
    state: "restarted"
    scope: "user"
    daemon_reload: true
  become_user: "myappuser"
  environment:
    XDG_RUNTIME_DIR: "/run/user/1090"
```
Can confirm here as well. It was strange not seeing the service file update with the new image tag version, but using `image_strict: True` really helped to update the systemd service file accordingly (specify in containers.podman.podman_container).
`restart_sec: 10` (this is needed or your systemd file still won't be updated). Specified in containers.podman.podman_generate_systemd.
Thank you for sharing :)