From 6ecdeb7ea0be47d62ac5ad64123782bf37684eda Mon Sep 17 00:00:00 2001
From: jwhb
Date: Tue, 28 Jul 2020 12:12:58 +0200
Subject: [PATCH 1/2] feature: add --pod support
---
 README.md | 3 +++
 defaults/main.yml | 1 +
 tasks/main.yml | 3 +++
 tasks/podman_pods.yml | 21 +++++++++++++++++++++
 templates/podman.service | 3 +++
 5 files changed, 31 insertions(+)
 create mode 100644 tasks/podman_pods.yml
diff --git a/README.md b/README.md
index ca10bdd..6ef7d1d 100644
--- a/README.md
+++ b/README.md
@@ -54,6 +54,9 @@ podman_services:
 # If the network does not exist it will be created. This can be used to allow
 # multiple services to network with each other. See Networking for caveats
 network: somenetwork
+ # Optional: String name of the pod to be passed to --pod flag.
+ # If the pod does not exist it will be created.
+ pod: somepod
 # Optional: List of volumes to mount. Takes the same form as the
 # podman CLI host-directory:container-directory and as shown below
 # mount options are allowed.
diff --git a/defaults/main.yml b/defaults/main.yml
index 5e3eb02..64f9cbd 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -8,3 +8,4 @@ podman_tools:
 - buildah
 - skopeo
 podman_services: []
+podman_pods: []
diff --git a/tasks/main.yml b/tasks/main.yml
index 8027e71..03d7f48 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -26,6 +26,9 @@
 include_tasks: ubuntu.yml
 when: ansible_distribution == "Ubuntu"
 
+- name: Include tasks to create pods
+ include_tasks: podman_pods.yml
+
 - include_tasks: podman_service.yml
 loop: "{{ podman_services }}"
 loop_control:
diff --git a/tasks/podman_pods.yml b/tasks/podman_pods.yml
new file mode 100644
index 0000000..41b8907
--- /dev/null
+++ b/tasks/podman_pods.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Determine list of required pods
+ set_fact:
+ podman_pods: "{{ podman_pods }} + [ '{{ service.pod }}' ]"
+ when: service.pod is defined
+ loop: "{{ podman_services }}"
+ loop_control:
+ loop_var: service
+
+- name: Get list of pods
+ shell: podman pod ps --format {% raw %}'{{.Name}}'{% endraw %}
+ register: podman_pod_ps
+ when: podman_pods | length > 0
+
+- name: Create required pods
+ loop: "{{podman_pods}}"
+ loop_control:
+ loop_var: pod
+ when: pod not in podman_pod_ps.stdout_lines
+ shell: podman pod create --name "{{pod}}"
diff --git a/templates/podman.service b/templates/podman.service
index f94c684..edcf9cb 100644
--- a/templates/podman.service
+++ b/templates/podman.service
@@ -23,6 +23,9 @@ ExecStart=/usr/bin/podman run \
 {% if service.network is defined %}
 --network {{ service.network }}
 {% endif %}
+ {% if service.pod is defined %}
+ --pod {{ service.pod }} \
+ {% endif %}
 {% if service.publish is defined %}
 {% for publish in service.publish %}
 --publish {{ publish }} \
From c81fa0696cf37ddaa1cd95c31868f5ee1d2664a2 Mon Sep 17 00:00:00 2001
From: jwhb
Date: Tue, 28 Jul 2020 14:40:59 +0200
Subject: [PATCH 2/2] extend pod feature to publish ports
---
 README.md | 5 ++++-
 defaults/main.yml | 1 -
 tasks/main.yml | 10 ++++++----
 tasks/podman_pods.yml | 31 +++++++++++++++++++++----------
 templates/podman.service | 4 ++--
 5 files changed, 33 insertions(+), 18 deletions(-)
diff --git a/README.md b/README.md
index 6ef7d1d..cd60c9b 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,10 @@ podman_services:
 network: somenetwork
 # Optional: String name of the pod to be passed to --pod flag.
 # If the pod does not exist it will be created.
- pod: somepod
+ # If you specify a port map (optional) it will be passed to --publish.
+ pod:
+ name: somepod
+ ports: [80: 80, 443: 443]
 # Optional: List of volumes to mount. Takes the same form as the
 # podman CLI host-directory:container-directory and as shown below
 # mount options are allowed.
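Review bot: In tasks/podman_pods.yml as added by [PATCH 1/2], `shell: podman pod create --name "{{pod}}"` passes a role variable to /bin/sh inside double quotes, where `$(...)` and backticks in the value are still expanded. Neither this task nor `podman pod ps` needs a shell, so `command:` (or, if `shell:` stays, `--name {{ pod | quote }}`) keeps the name a single literal argument. The same unescaped interpolation appears in the templates/podman.service hunk, where whitespace in `--pod {{ service.pod }} \` would turn into extra `podman run` arguments, and in the `shell: |` blocks that [PATCH 2/2] adds to this file. The `set_fact` value `"{{ podman_pods }} + [ '{{ service.pod }}' ]"` also builds the list by string concatenation and breaks on a name containing a quote; `"{{ podman_pods + [service.pod] }}"` keeps it a real list.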
diff --git a/defaults/main.yml b/defaults/main.yml
index 64f9cbd..5e3eb02 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -8,4 +8,3 @@ podman_tools:
 - buildah
 - skopeo
 podman_services: []
-podman_pods: []
diff --git a/tasks/main.yml b/tasks/main.yml
index 03d7f48..c711a4b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -9,13 +9,15 @@
 state: directory
 path: /etc/containers
 
-# Podman uses this, on at least Ubuntu, to do port publishing.
-- name: Ensure iptables is installed
+# Podman uses iptables, on at least Ubuntu, to do port publishing.
+- name: Ensure required packages are installed
 become: true
 become_user: root
 package:
- name: iptables
- state: present
+ name: "{{item}}"
+ loop:
+ - iptables
+ - jq
 
 - name: Include tasks for Red Hat OS family
 include_tasks: redhat.yml
diff --git a/tasks/podman_pods.yml b/tasks/podman_pods.yml
index 41b8907..0ce0c9b 100644
--- a/tasks/podman_pods.yml
+++ b/tasks/podman_pods.yml
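Review bot: The rewritten package task in tasks/main.yml ([PATCH 2/2]) no longer sets `state:`, which the generic `package` module documents as a required parameter as far as I know, so the install now depends on the backend's default. Restoring `state: present` and passing the names as one list, `name: [iptables, jq]`, would also replace the per-item loop with a single package transaction. jq is installed on every host here even when no service defines a pod, and the comment above the task only explains iptables; a line such as `# jq is used by tasks/podman_pods.yml to inspect pod port bindings.` would say why it is there.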
@@ -1,21 +1,32 @@
 ---
 
-- name: Determine list of required pods
- set_fact:
- podman_pods: "{{ podman_pods }} + [ '{{ service.pod }}' ]"
+- name: Determine list of required pods and ports
 when: service.pod is defined
 loop: "{{ podman_services }}"
 loop_control:
 loop_var: service
+ set_fact:
+ podman_pods: "{{ podman_pods | default({}) | combine({service.pod.name: {'name': service.pod.name, 'ports': service.pod.ports | default([]) + (podman_pods[service.pod.name]['ports'] | default([]))}}) }}"
 
-- name: Get list of pods
- shell: podman pod ps --format {% raw %}'{{.Name}}'{% endraw %}
- register: podman_pod_ps
- when: podman_pods | length > 0
+- name: Delete pods with missing port bindings
+ loop: "{{ podman_pods | subelements('ports', skip_missing=yes) }}"
+ loop_control:
+ loop_var: pod
+ when: pod.0.ports is defined
+ shell: |
+ podman pod exists {{pod.0.name}} \
+ && (podman pod inspect {{pod.0.name}} \
+ | jq -e ".Config.infraConfig.infraPortBindings[] | select(.hostPort=={{ lookup('dict', pod.1).key }} and .containerPort=={{ lookup('dict', pod.1).value }})" \
+ || podman pod rm -f {{pod.0.name}}) || true
+ register: podman_pod_inspect
 
 - name: Create required pods
- loop: "{{podman_pods}}"
+ loop: "{{podman_pods | dict2items }}"
 loop_control:
 loop_var: pod
- when: pod not in podman_pod_ps.stdout_lines
- shell: podman pod create --name "{{pod}}"
+ shell: |
+ podman pod exists "{{pod.key}}" \
+ || podman pod create --name "{{pod.key}}" \
+ {% if pod.value.ports|default([])|length > 0 %}\
+ --publish {% for port in pod.value.ports %}{{lookup('dict', port).key}}:{{lookup('dict', port).value}}{%- if not loop.last -%},{%- endif -%}{% endfor %}\
+ {% endif %}
diff --git a/templates/podman.service b/templates/podman.service
index edcf9cb..3ca3665 100644
--- a/templates/podman.service
+++ b/templates/podman.service
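Review bot: In the "Delete pods with missing port bindings" task of tasks/podman_pods.yml ([PATCH 2/2]), any failure of the `podman pod inspect … | jq -e …` pipeline, not only a missing binding, falls through to `podman pod rm -f`, and the trailing `|| true` then hides the outcome. A missing jq, or inspect output laid out differently from `.Config.infraConfig.infraPortBindings`, would therefore force-remove the pod and its containers on every run. Testing jq's exit status explicitly (it returns different codes for "no match" and for errors) and replacing `|| true` with `failed_when:`/`changed_when:` on the registered result would make that visible. Separately, this patch removes the `podman_pods: []` default while both `loop:` expressions still read `podman_pods`, so with no `service.pod` defined the variable looks to be undefined when the loops are evaluated; `podman_pods | default({})` in the two loops would cover that.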
@@ -23,8 +23,8 @@ ExecStart=/usr/bin/podman run \
 {% if service.network is defined %}
 --network {{ service.network }}
 {% endif %}
- {% if service.pod is defined %}
- --pod {{ service.pod }} \
+ {% if service.pod.name is defined %}
+ --pod {{ service.pod.name }} \
 {% endif %}
 {% if service.publish is defined %}
 {% for publish in service.publish %}