ansible-pull/roles/podman/tasks/main.yml

---
# tasks file for roles/podman
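# Installs the NFS client package so the share used later in this role can be
# mounted. The apt cache is refreshed first.
- name: Ensure NFS client utilities are installed
  ansible.builtin.apt:
    name: nfs-common
    state: present
    update_cache: true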
# Local directory that the NFS export is mounted onto. It is owned by root and
# writable only by root (0755).
- name: Create local mount point for Podman NFS data
  ansible.builtin.file:
    state: directory
    path: "{{ podman_data_mount_point }}"
    owner: root
    group: root
    mode: "0755"
# Mounts the export and records it in /etc/fstab, as the task name states.
# 'nofail' keeps the boot from stopping when the NFS server is unreachable.
# NOTE(review): 'defaults' implies suid, dev and exec. If this share only holds
# container data, adding nosuid,nodev would reduce what a tampered export could
# expose on this host - confirm nothing under the mount point depends on them.
# NOTE(review): nfs(5) documents 'intr' as deprecated and ignored on kernels
# newer than 2.6.25, so it is presumably a no-op on the target hosts.
# NOTE(review): no 'sec=' option is set, so the mount uses the client/server
# default - verify the export is restricted to the intended hosts.
- name: Ensure Podman NFS share is mounted and configured in /etc/fstab
  ansible.posix.mount:
    path: "{{ podman_data_mount_point }}"
    src: "{{ podman_nfs_server }}:{{ podman_nfs_share_path }}"
    fstype: nfs
    opts: "defaults,hard,intr,noatime,nofail"
    state: mounted
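# Installs Podman plus its companion tools from the distribution repositories.
- name: Install Podman and related tools
  ansible.builtin.apt:
    name:
      - podman
      # Provides a Docker-compatible CLI interface.
      - podman-docker
      # Tool for building OCI images.
      - buildah
      # Tool for moving and copying container images.
      - skopeo
    state: present
    update_cache: true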
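# Makes sure the Podman socket is available for communication, in particular
# for tools such as Portainer that connect to it.
# NOTE(review): no user scope is set, so this is presumably the system-wide
# (rootful) podman.socket. Anything that can reach that socket can manage
# containers with root privileges, so keep access to it limited to root.
- name: Ensure Podman systemd socket is enabled and running
  ansible.builtin.systemd:
    name: podman.socket
    state: started
    enabled: true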
# Directory that is bind-mounted into the Portainer container as /data.
# NOTE(review): 0755 lets every local user list and read this directory, which
# will hold portainer.db. Consider 0700 if only root needs access, and confirm
# that root ownership takes effect on the NFS export (root squashing may map it
# to another user).
- name: Create Portainer data directory on NFS share
  ansible.builtin.file:
    state: directory
    path: "{{ portainer_data_path }}"
    owner: root
    group: root
    mode: "0755"
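# Starts the Portainer container once. 'creates' skips the task when the
# Portainer database file already exists, which is what makes it idempotent.
#
# The Podman socket is mapped to the Docker socket path inside the container
# for Portainer compatibility. That explanation must stay outside the folded
# scalar below: inside a block scalar '#' does not start a YAML comment, so the
# text would become part of the command line.
#
# The former 'warn: false' argument is dropped: the 'warn' option was removed
# from ansible.builtin.command in ansible-core 2.14 and is rejected there.
#
# NOTE(review): bind-mounting /run/podman/podman.sock gives the container, and
# anyone who can log in to Portainer, root-level control over this host's
# containers. Restrict who can reach the published ports accordingly.
# NOTE(review): container port 9000 is published alongside 9443; presumably
# that is the plain-HTTP UI - confirm it is still needed.
# NOTE(review): the templated values are inserted unquoted, so a value that
# contains whitespace would be split into several arguments.
- name: Run Portainer container with Podman
  ansible.builtin.command:
    cmd: >-
      podman run -d
      --name {{ portainer_name }}
      --restart=always
      -p {{ portainer_edge_agent_port }}:8000
      -p {{ portainer_web_port }}:9443
      -p {{ portainer_legacy_port }}:9000
      -v /run/podman/podman.sock:/var/run/docker.sock
      -v {{ portainer_data_path }}:/data
      {{ portainer_image }}
    creates: "{{ portainer_data_path }}/portainer.db"

# Suggested improvement: for more robust container management the
# `containers.podman.podman_container` module could be used, provided the
# `containers.podman` collection is installed.
# Example:
# - name: Run Portainer container with Podman (using podman_container module)
#   containers.podman.podman_container:
#     name: "{{ portainer_name }}"
#     image: "{{ portainer_image }}"
#     state: started
#     restart_policy: always
#     ports:
#       - "{{ portainer_edge_agent_port }}:8000"
#       - "{{ portainer_web_port }}:9443"
#       - "{{ portainer_legacy_port }}:9000"
#     volume:
#       - "/run/podman/podman.sock:/var/run/docker.sock"
#       - "{{ portainer_data_path }}:/data"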