chasinglogic · jwhb · Jul 28, 2020 · Jul 28, 2020 · chasinglogic · Jul 29, 2020
diff --git a/README.md b/README.md
@@ -54,6 +54,12 @@ podman_services:
     # If the network does not exist it will be created. This can be used to allow
     # multiple services to network with each other. See Networking for caveats
     network: somenetwork
+    # Optional: String name of the pod to be passed to --pod flag.
+    # If the pod does not exist it will be created.
+    # If you specify a port map (optional) it will be passed to --publish.
+    pod:
+      name: somepod
+      ports: [80: 80, 443: 443]
     # Optional: List of volumes to mount. Takes the same form as the
     # podman CLI host-directory:container-directory and as shown below
     # mount options are allowed.

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -9,13 +9,15 @@
     state: directory
     path: /etc/containers
 
-# Podman uses this, on at least Ubuntu, to do port publishing.
-- name: Ensure iptables is installed
+# Podman uses iptables, on at least Ubuntu, to do port publishing.
+- name: Ensure required packages are installed
   become: true
   become_user: root
   package:
-    name: iptables
-    state: present
+    name: "{{item}}"
+  loop:
+    - iptables
+    - jq
 
 - name: Include tasks for Red Hat OS family
   include_tasks: redhat.yml
@@ -26,6 +28,9 @@
   include_tasks: ubuntu.yml
   when: ansible_distribution == "Ubuntu"
 
+- name: Include tasks to create pods
+  include_tasks: podman_pods.yml
+
 - include_tasks: podman_service.yml
   loop: "{{ podman_services }}"
   loop_control:

diff --git a/tasks/podman_pods.yml b/tasks/podman_pods.yml
@@ -0,0 +1,32 @@
+---
+
+- name: Determine list of required pods and ports
+  when: service.pod is defined
+  loop: "{{ podman_services }}"
+  loop_control:
+    loop_var: service
+  set_fact:
+    podman_pods: "{{ podman_pods | default({}) | combine({service.pod.name: {'name': service.pod.name, 'ports': service.pod.ports | default([]) + (podman_pods[service.pod.name]['ports'] | default([]))}}) }}"
+
+- name: Delete pods with missing port bindings
+  loop: "{{ podman_pods | subelements('ports', skip_missing=yes) }}"
+  loop_control:
+    loop_var: pod
+  when: pod.0.ports is defined
+  shell: |
+    podman pod exists {{pod.0.name}} \
+    && (podman pod inspect {{pod.0.name}} \
+    | jq -e ".Config.infraConfig.infraPortBindings[] | select(.hostPort=={{ lookup('dict', pod.1).key }} and .containerPort=={{ lookup('dict', pod.1).value }})" \
+    || podman pod rm -f {{pod.0.name}}) || true
+  register: podman_pod_inspect
+
+- name: Create required pods
+  loop: "{{podman_pods | dict2items }}"
+  loop_control:
+    loop_var: pod
+  shell: |
+    podman pod exists "{{pod.key}}" \
+    ||  podman pod create --name "{{pod.key}}" \
+    {% if pod.value.ports|default([])|length > 0 %}\
+      --publish {% for port in pod.value.ports %}{{lookup('dict', port).key}}:{{lookup('dict', port).value}}{%- if not loop.last -%},{%- endif -%}{% endfor %}\
+    {% endif %}
diff --git a/templates/podman.service b/templates/podman.service
@@ -23,6 +23,9 @@ ExecStart=/usr/bin/podman run \
                           {% if service.network is defined %}
                           --network {{ service.network }}
                           {% endif %}
+                          {% if service.pod.name is defined %}
+                          --pod {{ service.pod.name }} \
+                          {% endif %}
                           {% if service.publish is defined %}
                           {% for publish in service.publish %}
                           --publish {{ publish }} \