Using Ansible to configure Podman containers

Photo by Marta Markes on Unsplash

In complex IT infrastructure, there are many repetitive tasks. Running those tasks successfully is not easy. Human error always presents a chance of failure. With the help of Ansible, you can perform all of the tasks through a remote host executed with playbooks, and those playbooks can be reused as many times as you need. In this article you will learn how to install and configure Ansible on Fedora Linux, and how to use it to manage and configure Podman containers. 

Ansible

Ansible is an open source infrastructure automation tool sponsored by Red Hat. It can deal with all the problems that come with large infrastructure, like installing & updating packages, taking backups, ensuring specific services are always running, and much more. You do this with a playbook which is written in YAML. Ansible playbooks can be used again and again, making the system administrator’s job less complex. Playbooks also eliminate repetitive tasks and can be easily modified. But we have many automation tools like Ansible, why use it? Unlike some other configuration management tools, Ansible is agentless: you don’t have to install anything on managed nodes. For more information about Ansible, see the Ansible tag in Fedora Magazine.

Podman

Podman is an open source container engine which is used for developing, managing and running container images. But what is a container? Every time you create any new application and deploy it either on physical servers, cloud servers or virtual machines, the most common problems which you face are portability and compatibility. This is where containers come into the picture. Containers virtualize at the OS level so they only contain required libraries and app services. The benefits of containers include:

  • portabilty 
  • isolation
  • scaling
  • light weight
  • fast boot up
  • smaller disk and memory requirements

In a nutshell: when you build a container image for any application, all of the required dependencies are packed into the container. You can now run that container on any host OS without any portability and compatibility issues.

The key highlight of Podman is that it is daemon-less, and so does not require root privileges to run containers. You can build the container images with the help of a Dockerfile or pull images from Docker Hub, fedoraproject.org or Quay. For more information about Podman, see the Podman tag in Fedora Magazine.

Why configure Podman with Ansible?

Ansible provides a way to easily run repetitive tasks many times. It also has tons of modules for cloud providers like AWS, GCP, and Azure, for container management tools like Docker and Podman, and also for database management. Ansible also has a community (Ansible Galaxy) where you can find tons of Ansible roles created by contributors from all over the world. All of this makes Ansible a great tool for DevOps engineers and system administrators.

With DevOps, the development of applications is fast-paced. Developing applications which can run on any operating system is essential. This is where Podman comes into picture.

Installing ansible

First, install Ansible:

$ sudo dnf install ansible -y

Configuring ansible

Ansible needs ssh to work on managed nodes, so first generate a key pair.

$ ssh-keygen

Once the key is generated, copy the key to the managed node.

Editors note: From the Ansible documentation found at https://docs.ansible.com/ansible/latest/user_guide/connection_details.html#connections the following can be done to use Ansibles ssh-agent for setting up ssh keys. 
$ ssh-agent bash 
$ ssh-add ~/.ssh/id_rsa

Enter yes and enter the password of the managed node. Now your managed host can be accessed remotely.

For ansible to access managed nodes, you need to store all hostnames or IP addresses in an inventory file. By default, this is in ~/etc/ansible/hosts.

This is what the inventory file looks like. Here square brackets are used to assign groups to some specific nodes.

[group1]
green.example.com
blue.example.com
[group2]
192.168.100.11
192.168.100.10

Check that all managed nodes can be reached.

$ ansible all -m ping

You should see output like this:

[mahesh@fedora new] $ ansible all -m ping
fedora.example.com I SUCCESS {
    "ansibe_facts": {
       "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

[mahesh@fedora new] $

Now create your first playbook which will install Podman on managed nodes. First create a file with any name with .yml extension.

$ vim name_of_playbook.yml

The playbook should look something like below. The first field is name for the playbook. The hosts field is used to mention hostname or group name mentioned in inventory. become: yes indicates escalating privileges and tasks contain all the tasks that are going to execute, here name specifies task name, yum is module to install packages, below that specify name of package in name field and state is for installing or removing the package.


– name: First playbook
   hosts: fedora.example.com
   become: yes
  tasks:
    – name: Installing podman.
      yum:
        name: podman
       state: present

Check for any syntax errors in the file.

$ ansible-playbook filename --syntax-check

Now run the playbook.

$ ansible-playbook filename

You should get output like this:

[mahesh@fedora new] $ ansible-playbook podman_installation.yml
PLAY [First playbook] *************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
0k: [fedora.example.com]

TASK [Installing podman] ************************************************************************************************
changed: [fedora.example.com]

PLAY RECAP *************************************************************************************************
fedora.example.com    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
[mahesh@fedora new] $

Now create a new playbook which pulls an image from Docker Hub. You’ll use the podman_image module to pull the httpd image of version 2-alpine from Docker Hub.

--- 
- name: Playbook for podman.
    hosts: fedora.example.com
  tasks:
    - name: Pull httpd:2-alpine image from dockerhub.
      podman_image:
       name: docker.io/httpd
      tag: 2-alpine

Now check the pulled image.

[mahesh@fedora new] $ podman images
REPOSITORY           TAG       IMAGE ID           CREATED       SIZE
docker.io/library/httpd       2-alpine         fa848876521a    11 days ago        57 MB

[mahesh@fedora new] $  

Create a new playbook to run the httpd image. See the podman_container module documentation for more information.

--- 
- name: Playbook for podman.
   hosts: fedora.example.com
   tasks:
    - name: Running httpd image.
      containers.podman.podman_container:
       name: my-first-container
      image:  docker.io/httpd:2-alpine
       state: started

Check that the container is running.

[mahesh@fedora new] $ podman ps
CONTAINER ID     IMAGE   COMMAND   CREATED      STATUS   PORTS   NAMES    
45d966eOe207     docker.io/library/httpd:2-alpine    httpd-foreground    13 seconds ago    Up 13 seconds ago       my-first-container

[mahesh@fedora new] $

Now to stop the running container, change the state value from started to absent.

    - name: Stopping httpd container.
      containers.podman.podman_container:
       name: my-first-container
       image:  docker.io/httpd:2-alpine
       state: absent

When you run the podman ps command, you won’t see any containers running.

[mahesh@fedora new] $ podman ps
CONTAINER ID    IMAGE    COMMAND    CREATED    STATUS    PORTS    NAMES

[mahesh@fedora new] $

There are so many things that are possible with podman_container like recreating containers, restarting containers, checking whether container is running or not and many more. See the documentation for information on performing these actions.

For System Administrators

10 Comments

  1. Bruno

    Nice topics, there is a typo in “become: yes indicates and ….” I guess should be “become: yes indicates running as root and …”
    Also there is a “package” module that is more generic than “yum” a big part of Ansible is to be distribution agnostic.

    • Hello Bruno, thanks for the typo catch. ‘become:yes’ actually escalates privileges as now noted in the article. To become root, you use ‘become_user(root):’

  2. Andrii

    looks like guys from podman don’t very care about that they have unstable and buggy release candidate in fedora stable repository

  3. Niko

    will be nice to explain how to create a new podman container with ansible.
    I mean provision a new podman container in plain ansible.

  4. Simon

    You lost an ssh-copy-id command maybe?

  5. Peter Oliver

    I think that should be:

    sudo dnf install -y ansible ansible-collection-containers-podman
  6. Abby

    Hi,

    I configured myself as follows :

    name: Podman Deploy
    hosts: hosts1
    become: yes

    tasks:

    name: Podman container state
    containers.podman.podman_container_info:
    name:
    register: result
    name: Stop a container osm-backend
    containers.podman.podman_container:
    name:
    state: stopped
    when: result.stderr == “Error*”
    name: Remove container osm-backend
    containers.podman.podman_container:
    name:
    state: absent
    when: result.stderr == “Error*”
    name: osm-backend image remove
    containers.podman.podman_image:
    name: my-registry/
    state: absent
    name: Deploy osm-backend container
    containers.podman.podman_container:
    name: osm-backend
    image: my-registry/
    ports:

    “4000:4000”
    network:
    bridge0
    ip:
    restart_policy: always

Comments are Closed

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Fedora Magazine aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. The Fedora logo is a trademark of Red Hat, Inc. Terms and Conditions