containers.podman.podman_container module – Manage podman containers

Note

This module is part of the containers.podman collection (version 1.16.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install containers.podman. You need further requirements to be able to use this module; see Requirements for details.

To use it in a playbook, specify: containers.podman.podman_container.

New in containers.podman 1.0.0

Synopsis

  • Start, stop, restart and manage Podman containers

Requirements

The below requirements are needed on the host that executes this module.

  • podman

Parameters

Parameter

Comments

annotation

dictionary

Add an annotation to the container. The format is key value, multiple times.

arch

string

Set the architecture for the container. Overrides the architecture of the image to be pulled (defaults to the host’s architecture). For example, arm.

attach

list / elements=string

Attach to STDIN, STDOUT or STDERR. The default in Podman is false.

Choices:

  • "stdin"

  • "stdout"

  • "stderr"

authfile

path

Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json (not available for remote commands). You can also override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable: export REGISTRY_AUTH_FILE=path

blkio_weight

integer

Block IO weight (relative weight). Accepts a weight value between 10 and 1000.

blkio_weight_device

dictionary

Block IO weight (relative device weight, format DEVICE_NAME[:]WEIGHT).

cap_add

aliases: capabilities

list / elements=string

List of capabilities to add to the container.

cap_drop

list / elements=string

List of capabilities to drop from the container.

cgroup_conf

dictionary

When running on cgroup v2, specify the cgroup file to write to and its value.

cgroup_parent

path

Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.

cgroupns

string

Path to cgroups under which the cgroup for the container will be created.

cgroups

string

Determines whether the container will create CGroups. Valid values are enabled and disabled, with the default being enabled. The disabled option will force the container to not create CGroups, and thus conflicts with CGroup options cgroupns and cgroup-parent.

chrootdirs

string

Path to a directory inside the container that is treated as a chroot directory.

cidfile

path

Write the container ID to the file

cmd_args

list / elements=string

Any additional command options you want to pass to the podman command itself, for example --log-level=debug or --syslog. This is NOT the command to run in the container, but rather options for podman itself. For the container command, please use the command option.

command

any

Override command of container. Can be a string or a list.

conmon_pidfile

path

Write the pid of the conmon process to a file. conmon runs in a separate process from Podman, so this is necessary when using systemd to restart Podman containers.

cpu_period

integer

Limit the CPU CFS (Completely Fair Scheduler) period

cpu_quota

integer

Limit the CPU CFS (Completely Fair Scheduler) quota

cpu_rt_period

integer

Limit the CPU real-time period in microseconds. Limit the container’s Real Time CPU usage. This flag tells the kernel to restrict the container’s Real Time CPU usage to the period you specify.

cpu_rt_runtime

integer

Limit the CPU real-time runtime in microseconds. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume.

cpu_shares

integer

CPU shares (relative weight)

cpus

string

Number of CPUs. The default is 0.0 which means no limit.

cpuset_cpus

string

CPUs in which to allow execution (0-3, 0,1)

cpuset_mems

string

Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.

debug

boolean

Return additional information which can be helpful for investigations.

Choices:

  • false ← (default)

  • true

decryption_key

string

The “key-passphrase” to be used for decryption of images. Key can point to keys and/or certificates.

delete_depend

boolean

Remove selected container and recursively remove all containers that depend on it. Applies to “delete” command.

Choices:

  • false

  • true

delete_time

string

Seconds to wait before forcibly stopping the container. Use -1 for infinite wait. Applies to “delete” command.

delete_volumes

boolean

Remove anonymous volumes associated with the container. This does not include named volumes created with podman volume create, or the --volume option of podman run and podman create.

Choices:

  • false

  • true

detach

boolean

Run container in detach mode

Choices:

  • false

  • true ← (default)

detach_keys

string

Override the key sequence for detaching a container. Format is a single character or ctrl-value

device

list / elements=string

Add a host device to the container. The format is <device-on-host>[:<device-on-container>][:<permissions>] (e.g. device /dev/sdc:/dev/xvdc:rwm)

device_cgroup_rule

string

Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation admin-guide/cgroup-v1/devices.

device_read_bps

list / elements=string

Limit read rate (bytes per second) from a device (e.g. device-read-bps /dev/sda:1mb)

device_read_iops

list / elements=string

Limit read rate (IO per second) from a device (e.g. device-read-iops /dev/sda:1000)

device_write_bps

list / elements=string

Limit write rate (bytes per second) to a device (e.g. device-write-bps /dev/sda:1mb)

device_write_iops

list / elements=string

Limit write rate (IO per second) to a device (e.g. device-write-iops /dev/sda:1000)

dns

aliases: dns_servers

list / elements=string

Set custom DNS servers

dns_option

aliases: dns_opts

string

Set custom DNS options

dns_search

aliases: dns_search_domains

string

Set custom DNS search domains (Use dns_search with ‘’ if you don’t wish to set the search domain)

entrypoint

string

Overwrite the default ENTRYPOINT of the image

env

dictionary

Set environment variables. This option allows you to specify arbitrary environment variables that are available for the process that will be launched inside of the container.

env_file

aliases: env_files

list / elements=path

Read in a line delimited file of environment variables. Doesn’t support idempotency. If users change the file with environment variables, it’s on them to recreate the container. The file must be present on the REMOTE machine where actual podman is running, not on the controller machine where Ansible is executing. If you need to copy the file from controller to remote machine, use the copy or slurp module.

env_host

boolean

Use all current host environment variables in container. Defaults to false.

Choices:

  • false

  • true

env_merge

dictionary

Preprocess default environment variables for the containers

etc_hosts

aliases: add_hosts

dictionary

Dict of host-to-IP mappings, where each host name is a key in the dictionary. Each host name will be added to the container’s /etc/hosts file.

executable

string

Path to podman executable if it is not in the $PATH on the machine running podman

Default: "podman"

expose

aliases: exposed, exposed_ports

list / elements=string

Expose a port, or a range of ports (e.g. expose “3300-3310”) to set up port redirection on the host system.

force_delete

boolean

Force deletion of container when it’s being deleted.

Choices:

  • false

  • true ← (default)

force_restart

aliases: restart

boolean

Force restart of container.

Choices:

  • false ← (default)

  • true

generate_systemd

dictionary

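Generate systemd unit file for container. Its suboptions are after, container_prefix, names, new, no_header, path, pod_prefix, requires, restart_policy, restart_sec, separator, start_timeout, stop_timeout and wants, described in the entries that follow.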

Default: {}

after

list / elements=string

Add the systemd unit after (After=) option, which orders dependencies between the list of dependencies and this service.

container_prefix

string

Set the systemd unit name prefix for containers. The default is “container”.

names

boolean

Use names of the containers for the start, stop, and description in the unit file. Default is true.

Choices:

  • false

  • true ← (default)

new

boolean

Create containers and pods when the unit is started instead of expecting them to exist. The default is “false”. Refer to podman-generate-systemd(1) for more information.

Choices:

  • false ← (default)

  • true

no_header

boolean

Do not generate the header including meta data such as the Podman version and the timestamp. From podman version 3.1.0.

Choices:

  • false ← (default)

  • true

path

string

Specify a path to the directory where unit files will be generated. Required for this option. If it doesn’t exist, the directory will be created.

pod_prefix

string

Set the systemd unit name prefix for pods. The default is “pod”.

requires

list / elements=string

Set the systemd unit requires (Requires=) option. Similar to wants, but declares a stronger requirement dependency.

restart_policy

string

Specify a restart policy for the service. The restart-policy must be one of “no”, “on-success”, “on-failure”, “on-abnormal”, “on-watchdog”, “on-abort”, or “always”. The default policy is “on-failure”.

Choices:

  • "no"

  • "on-success"

  • "on-failure"

  • "on-abnormal"

  • "on-watchdog"

  • "on-abort"

  • "always"

restart_sec

integer

Set the systemd service restartsec value.

separator

string

Set the systemd unit name separator between the name/id of a container/pod and the prefix. The default is “-” (dash).

start_timeout

integer

Override the default start timeout for the container with the given value.

stop_timeout

aliases: time

integer

Override the default stop timeout for the container with the given value. Called `time` before version 4.

wants

list / elements=string

Add the systemd unit wants (Wants=) option, listing units that this service is (weakly) dependent on.

gidmap

list / elements=string

Run the container in a new user namespace using the supplied mapping.

gpus

string

GPU devices to add to the container.

group_add

aliases: groups

list / elements=string

Add additional groups to run as

group_entry

string

Customize the entry that is written to the /etc/group file within the container when --user is used.

health_startup_cmd

string

Set a startup healthcheck command for a container.

health_startup_interval

string

Set an interval for the startup healthcheck.

health_startup_retries

integer

The number of attempts allowed before the startup healthcheck restarts the container. If set to 0, the container is never restarted. The default is 0.

health_startup_success

integer

The number of successful runs required before the startup healthcheck succeeds and the regular healthcheck begins. A value of 0 means that any success begins the regular healthcheck. The default is 0.

health_startup_timeout

string

The maximum time a startup healthcheck command has to complete before it is marked as failed.

healthcheck

aliases: health_cmd

string

Set or alter a healthcheck command for a container.

healthcheck_failure_action

aliases: health_on_failure

string

The action to be taken when the container is considered unhealthy. The action must be one of “none”, “kill”, “restart”, or “stop”. The default policy is “none”.

Choices:

  • "none"

  • "kill"

  • "restart"

  • "stop"

healthcheck_interval

aliases: health_interval

string

Set an interval for the healthchecks (a value of disable results in no automatic timer setup) (default “30s”)

healthcheck_retries

aliases: health_retries

integer

The number of retries allowed before a healthcheck is considered to be unhealthy. The default value is 3.

healthcheck_start_period

aliases: health_start_period

string

The initialization time needed for a container to bootstrap. The value can be expressed in time format like 2m3s. The default value is 0s

healthcheck_timeout

aliases: health_timeout

string

The maximum time allowed to complete the healthcheck before an interval is considered failed. Like start-period, the value can be expressed in a time format such as 1m22s. The default value is 30s

hooks_dir

list / elements=string

Each .json file in the path configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see oci-hooks(5). Can be set multiple times.

hostname

string

Container host name. Sets the container host name that is available inside the container.

hostuser

string

Add a user account to /etc/passwd from the host to the container. The Username or UID must exist on the host system.

http_proxy

boolean

By default proxy environment variables are passed into the container if set for the podman process. This can be disabled by setting the http_proxy option to false. The environment variables passed in include http_proxy, https_proxy, ftp_proxy, no_proxy, and also the upper case versions of those. Defaults to true

Choices:

  • false

  • true

image

string

Repository path (or image name) and tag used to create the container. If an image is not found, the image will be pulled from the registry. If no tag is included, latest will be used.

Can also be an image ID. If this is the case, the image is assumed to be available locally.

image_strict

boolean

Whether to compare images in idempotency by taking into account a full name with registry and namespaces.

Choices:

  • false ← (default)

  • true

image_volume

string

Tells podman how to handle the builtin image volumes. The options are bind, tmpfs, or ignore (default bind)

Choices:

  • "bind"

  • "tmpfs"

  • "ignore"

init

boolean

Run an init inside the container that forwards signals and reaps processes. The default is false.

Choices:

  • false

  • true

init_ctr

string

(Pods only). When using pods, create an init style container, which is run after the infra container is started but before regular pod containers are started.

Choices:

  • "once"

  • "always"

init_path

string

Path to the container-init binary.

interactive

boolean

Keep STDIN open even if not attached. The default is false.

Choices:

  • false

  • true

ip

string

Specify a static IP address for the container, for example ‘10.88.64.128’. Can only be used if no additional CNI networks to join were specified via ‘network:’, and if the container is not joining another container’s network namespace via ‘network container:<name|id>’. The address must be within the default CNI network’s pool (default 10.88.0.0/16).

ip6

string

Specify a static IPv6 address for the container

ipc

aliases: ipc_mode

string

Default is to create a private IPC namespace (POSIX SysV IPC) for the container

kernel_memory

string

Kernel memory limit (format <number>[<unit>], where unit = b, k, m or g). Note: idempotency is supported for integers only.

label

aliases: labels

dictionary

Add metadata to a container, pass dictionary of label names and values

label_file

string

Read in a line delimited file of labels

log_driver

string

Logging driver. Used to set the log driver for the container. For example log_driver “k8s-file”.

Choices:

  • "k8s-file"

  • "journald"

  • "json-file"

log_level

string

Logging level for Podman. Log messages above specified level (“debug”|“info”|“warn”|“error”|“fatal”|“panic”) (default “error”)

Choices:

  • "debug"

  • "info"

  • "warn"

  • "error"

  • "fatal"

  • "panic"

log_opt

aliases: log_options

dictionary

Logging driver specific options. Used to set the path to the container log file. Its suboptions are max_size, path and tag, described in the entries that follow.

max_size

string

Specify a max size of the log file (e.g. 10mb).

path

string

Specify a path to the log file (e.g. /var/log/container/mycontainer.json).

tag

string

Specify a custom log tag for the container.

mac_address

string

Specify a MAC address for the container, for example ‘92:d0:c6:0a:29:33’. Don’t forget that it must be unique within one Ethernet network.

memory

string

Memory limit (format 10k, where unit = b, k, m or g). Note: idempotency is supported for integers only.

memory_reservation

string

Memory soft limit (format 100m, where unit = b, k, m or g). Note: idempotency is supported for integers only.

memory_swap

string

A limit value equal to memory plus swap. Must be used with the -m (--memory) flag. The swap LIMIT should always be larger than the -m (--memory) value. By default, the swap LIMIT will be set to double the value of --memory. Note: idempotency is supported for integers only.

memory_swappiness

integer

Tune a container’s memory swappiness behavior. Accepts an integer between 0 and 100.

mount

aliases: mounts

list / elements=string

Attach a filesystem mount to the container. The type is bind or tmpfs. For example, mount “type=bind,source=/path/on/host,destination=/path/in/container”

name

string / required

Name of the container

network

aliases: net, network_mode

list / elements=string

Set the Network mode for the container:

  • bridge - create a network stack on the default bridge

  • none - no networking

  • container:<name|id> - reuse another container’s network stack

  • host - use the podman host network stack

  • <network-name>|<network-id> - connect to a user-defined network

  • ns:<path> - path to a network namespace to join

  • slirp4netns - use slirp4netns to create a user network stack. This is the default for rootless containers

network_aliases

aliases: network_alias

list / elements=string

Add network-scoped alias for the container. A container will only have access to aliases on the first network that it joins. This is a limitation that will be removed in a later release.

no_healthcheck

boolean

Disable any defined healthchecks for container.

Choices:

  • false

  • true

no_hosts

boolean

Do not create /etc/hosts for the container. Default is false.

Choices:

  • false

  • true

oom_kill_disable

boolean

Whether to disable OOM Killer for the container or not. Default is false.

Choices:

  • false

  • true

oom_score_adj

integer

Tune the host’s OOM preferences for containers (accepts -1000 to 1000)

os

string

Override the OS of the image to be pulled (defaults to the host’s OS). For example, windows.

passwd

boolean

Allow Podman to add entries to /etc/passwd and /etc/group when used in conjunction with the --user option. This is used to override the Podman provided user setup in favor of entrypoint configurations such as libnss-extrausers.

Choices:

  • false

  • true

passwd_entry

string

Customize the entry that is written to the /etc/passwd file within the container when --passwd is used.

personality

string

Personality sets the execution domain via Linux personality(2).

pid

aliases: pid_mode

string

Set the PID mode for the container

pid_file

path

When the pidfile location is specified, the container process’ PID is written to the pidfile.

pids_limit

string

Tune the container’s PIDs limit. Set -1 to have unlimited PIDs for the container.

platform

string

Specify the platform for selecting the image.

pod

string

Run container in an existing pod. If you want podman to make the pod for you, prefix the pod name with “new:”

pod_id_file

path

Run container in an existing pod and read the pod’s ID from the specified file. When a container is run within a pod which has an infra-container, the infra-container starts first.

preserve_fd

list / elements=string

Pass down to the process the additional file descriptors specified in the comma separated list.

preserve_fds

string

Pass down to the process N additional file descriptors (in addition to 0, 1, 2). The total FDs are 3+N.

privileged

boolean

Give extended privileges to this container. The default is false.

Choices:

  • false

  • true

publish

aliases: ports, published, published_ports

list / elements=string

Publish a container’s port, or range of ports, to the host. Format - ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort. If only containerPort is set, the hostPort will be chosen randomly by Podman.

publish_all

boolean

Publish all exposed ports to random ports on the host interfaces. The default is false.

Choices:

  • false

  • true

pull

string

Pull image policy. The default is ‘missing’.

Choices:

  • "missing"

  • "always"

  • "never"

  • "newer"

quadlet_dir

path

Path to the directory to write quadlet file in. By default, it will be set as /etc/containers/systemd/ for root user, ~/.config/containers/systemd/ for non-root users.

quadlet_file_mode

any

The permissions of the quadlet file.

The quadlet_file_mode can be specified as octal numbers or as a symbolic mode (for example, u+rwx or u=rw,g=r,o=r). For octal numbers format, you must either add a leading zero so that Ansible’s YAML parser knows it is an octal number (like 0644 or 01777) or quote it (like '644' or '1777') so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results.

If quadlet_file_mode is not specified and the quadlet file does not exist, the default '0640' mask will be used when setting the mode for the newly created file.

If quadlet_file_mode is not specified and the quadlet file does exist, the mode of the existing file will be used.

Specifying quadlet_file_mode is the best way to ensure files are created with the correct permissions.

quadlet_filename

string

Name of quadlet file to write. By default it takes name value.

quadlet_options

list / elements=string

Options for the quadlet file. Provide options that are missing from the usual container arguments as a list of lines to add.

rdt_class

string

Rdt-class sets the class of service (CLOS or COS) for the container to run in. Requires root.

read_only

boolean

Mount the container’s root filesystem as read only. Default is false

Choices:

  • false

  • true

read_only_tmpfs

boolean

If container is running in --read-only mode, then mount a read-write tmpfs on /run, /tmp, and /var/tmp. The default is true

Choices:

  • false

  • true

recreate

boolean

Use with present and started states to force the re-creation of an existing container.

Choices:

  • false ← (default)

  • true

requires

list / elements=string

Specify one or more requirements. A requirement is a dependency container that will be started before this container. Containers can be specified by name or ID.

restart_policy

string

Restart policy to follow when containers exit. Restart policy will not take effect if a container is stopped via the podman kill or podman stop commands. Valid values are:

  • no - Do not restart containers on exit

  • on-failure[:max_retries] - Restart containers when they exit with a non-0 exit code, retrying indefinitely or until the optional max_retries count is hit

  • always - Restart containers when they exit, regardless of status, retrying indefinitely

restart_time

string

Seconds to wait before forcibly stopping the container when restarting. Use -1 for infinite wait. Applies to “restarted” status.

retry

integer

Number of times to retry pulling or pushing images between the registry and local storage in case of failure. Default is 3.

retry_delay

string

Duration of delay between retry attempts when pulling or pushing images between the registry and local storage in case of failure.

rm

aliases: remove, auto_remove

boolean

Automatically remove the container when it exits. The default is false.

Choices:

  • false

  • true

rmi

boolean

After exit of the container, remove the image unless another container is using it. Implies --rm on the new container. The default is false.

Choices:

  • false

  • true

rootfs

boolean

If true, the first argument refers to an exploded container on the file system. The default is false.

Choices:

  • false

  • true

sdnotify

string

Determines how to use the NOTIFY_SOCKET, as passed with systemd and Type=notify. Can be container, conmon, ignore.

seccomp_policy

string

Specify the policy to select the seccomp profile.

secrets

list / elements=string

Add the named secrets into the container. The format is secret[,opt=opt...], see documentation for more details.

security_opt

list / elements=string

Security Options. For example security_opt “seccomp=unconfined”

shm_size

string

Size of /dev/shm. The format is <number><unit>. number must be greater than 0. Unit is optional and can be b (bytes), k (kilobytes), m (megabytes), or g (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses 64m.

shm_size_systemd

string

Size of systemd-specific tmpfs mounts such as /run, /run/lock, /var/log/journal and /tmp.

sig_proxy

boolean

Proxy signals sent to the podman run command to the container process. SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is true.

Choices:

  • false

  • true

state

string

absent - A container matching the specified name will be stopped and removed.

present - Asserts the existence of a container matching the name and any provided configuration parameters. If no container matches the name, a container will be created. If a container matches the name but the provided configuration does not match, the container will be updated, if it can be. If it cannot be updated, it will be removed and re-created with the requested config. Image version will be taken into account when comparing configuration. Use the recreate option to force the re-creation of the matching container.

started - Asserts there is a running container matching the name and any provided configuration. If no container matches the name, a container will be created and started. Use recreate to always re-create a matching container, even if it is running. Use force_restart to force a matching container to be stopped and restarted.

stopped - Asserts that the container is first present, and then if the container is running moves it to a stopped state.

created - Asserts that the container exists with given configuration. If container doesn’t exist, the module creates it and leaves it in ‘created’ state. If configuration doesn’t match or ‘recreate’ option is set, the container will be recreated

quadlet - Write a quadlet file with the specified configuration.

Choices:

  • "absent"

  • "present"

  • "stopped"

  • "started" ← (default)

  • "created"

  • "quadlet"

stop_signal

integer

Signal to stop a container. Default is SIGTERM.

stop_time

string

Seconds to wait before forcibly stopping the container. Use -1 for infinite wait. Applies to “stopped” status.

stop_timeout

integer

Timeout (in seconds) to stop a container. Default is 10.

subgidname

string

Run the container in a new user namespace using the map with ‘name’ in the /etc/subgid file.

subuidname

string

Run the container in a new user namespace using the map with ‘name’ in the /etc/subuid file.

sysctl

dictionary

Configure namespaced kernel parameters at runtime

systemd

string

Run container in systemd mode. The default is true.

timeout

integer

Maximum time (in seconds) a container is allowed to run before conmon sends it the kill signal. By default containers run until they exit or are stopped by “podman stop”.

timezone

string

Set timezone in container. This flag takes area-based timezones, GMT time, as well as local, which sets the timezone in the container to match the host machine. See /usr/share/zoneinfo/ for valid timezones. Remote connections use local containers.conf for defaults.

tls_verify

boolean

Require HTTPS and verify certificates when pulling images.

Choices:

  • false

  • true

tmpfs

dictionary

Create a tmpfs mount. For example tmpfs “/tmp” “rw,size=787448k,mode=1777”

tty

boolean

Allocate a pseudo-TTY. The default is false.

Choices:

  • false

  • true

uidmap

list / elements=string

Run the container in a new user namespace using the supplied mapping.

ulimit

aliases: ulimits

list / elements=string

Ulimit options

umask

string

Set the umask inside the container. Defaults to 0022. Remote connections use local containers.conf for defaults.

unsetenv

list / elements=string

Unset default environment variables for the container.

unsetenv_all

boolean

Unset all default environment variables for the container.

Choices:

  • false

  • true

user

string

Sets the username or UID used and optionally the groupname or GID for the specified command.

userns

aliases: userns_mode

string

Set the user namespace mode for the container. It defaults to the PODMAN_USERNS environment variable. An empty value means user namespaces are disabled.

uts

string

Set the UTS mode for the container

variant

string

Use VARIANT instead of the default architecture variant of the container image.

volume

aliases: volumes

list / elements=string

Create a bind mount. If you specify volume /HOST-DIR:/CONTAINER-DIR, podman bind mounts /HOST-DIR in the host to /CONTAINER-DIR in the podman container.

volumes_from

list / elements=string

Mount volumes from the specified container(s).

workdir

aliases: working_dir

string

Working directory inside the container. The default working directory for running binaries within a container is the root directory (/).

Examples

- name: Run container
  containers.podman.podman_container:
    name: container
    image: quay.io/bitnami/wildfly
    state: started

- name: Create a data container
  containers.podman.podman_container:
    name: mydata
    image: busybox
    volume:
      - /tmp/data

- name: Re-create a redis container with systemd service file generated in /tmp/
  containers.podman.podman_container:
    name: myredis
    image: redis
    command: redis-server --appendonly yes
    state: present
    recreate: true
    expose:
      - 6379
    volumes_from:
      - mydata
    generate_systemd:
      path: /tmp/
      restart_policy: always
      stop_timeout: 120
      names: true
      container_prefix: ainer

- name: Restart a container
  containers.podman.podman_container:
    name: myapplication
    image: redis
    state: started
    restart: true
    etc_hosts:
        other: "127.0.0.1"
    restart_policy: "no"
    device: "/dev/sda:/dev/xvda:rwm"
    ports:
        - "8080:9000"
        - "127.0.0.1:8081:9001/udp"
    env:
        SECRET_KEY: "ssssh"
        BOOLEAN_KEY: "yes"

- name: Container present
  containers.podman.podman_container:
    name: mycontainer
    state: present
    image: ubuntu:14.04
    command: "sleep 1d"

- name: Stop a container
  containers.podman.podman_container:
    name: mycontainer
    state: stopped

- name: Start 4 load-balanced containers
  containers.podman.podman_container:
    name: "container{{ item }}"
    recreate: true
    image: someuser/anotherappimage
    command: sleep 1d
  with_sequence: count=4

- name: remove container
  containers.podman.podman_container:
    name: ohno
    state: absent

- name: Writing output
  containers.podman.podman_container:
    name: myservice
    image: busybox
    log_options: path=/var/log/container/mycontainer.json
    log_driver: k8s-file

- name: Run container with complex command with quotes
  containers.podman.podman_container:
    name: mycontainer
    image: certbot/certbot
    command:
      - renew
      - --deploy-hook
      - "echo 1 > /var/lib/letsencrypt/complete"

- name: Create a Quadlet file
  containers.podman.podman_container:
    name: quadlet-container
    image: nginx
    state: quadlet
    quadlet_filename: custome-container
    quadlet_file_mode: '0640'
    device: "/dev/sda:/dev/xvda:rwm"
    ports:
      - "8080:80"
    volumes:
      - "/var/www:/usr/share/nginx/html"
    quadlet_options:
      - "AutoUpdate=registry"
      - "Pull=newer"
      - |
        [Install]
        WantedBy=default.target
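
The following is an added example, not part of the module's own documentation. It registers the `container` facts this module returns (the podman inspection output described under Return Values) and asserts a hardened baseline against them, covering the settings the examples above leave open: a secret passed through `env`, a port published on all interfaces, and a host device mapping. The container name, secret name, the `vault_app_secret_key` variable and the baseline rules themselves are assumptions.

```yaml
# Added example (not from the module docs). The secret name and the
# vault_app_secret_key variable are hypothetical placeholders.
- name: Store the key as a Podman secret instead of an env value
  containers.podman.podman_secret:
    name: app_secret_key
    data: "{{ vault_app_secret_key }}"
  no_log: true

- name: Run the container with a reduced attack surface
  containers.podman.podman_container:
    name: myservice
    image: busybox
    command: sleep 86400
    state: started
    read_only: true
    cap_drop:
      - ALL
    ports:
      - "127.0.0.1:8080:9000"    # loopback only; "8080:9000" listens on every interface
    secrets:
      - app_secret_key           # mounted at /run/secrets/app_secret_key
  register: result

- name: Fail the play if the inspect facts drift from that baseline
  vars:
    hc: "{{ result.container.HostConfig }}"
  ansible.builtin.assert:
    that:
      - not hc.Privileged
      - hc.ReadonlyRootfs
      - hc.Devices | default([], true) | length == 0
      - result.container.EffectiveCaps | default([], true) | length == 0
      # every published port must be bound to a loopback address
      - >-
        hc.PortBindings | default({}, true) | dict2items | map(attribute='value')
        | flatten | rejectattr('HostIp', 'in', ['127.0.0.1', '::1']) | list | length == 0
      # no variable whose name looks like a credential may appear in the environment
      - >-
        result.container.Config.Env
        | select('match', '(?i)[^=]*(secret|password|token)[^=]*=')
        | list | length == 0
    fail_msg: "{{ result.container.Name }} does not match the hardened baseline"
```

Values set through `env` are readable by anyone who can inspect the container, because they appear in `Config.Env` of the returned facts; that is why the last assertion checks variable names there.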

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

container

dictionary

Facts representing the current state of the container. Matches the podman inspection output.

Note that facts are part of the registered vars since Ansible 2.8. For compatibility reasons, the facts are also accessible directly as podman_container. Note that the returned fact will be removed in Ansible 2.12.

Empty if state is absent.

Returned: always

Sample: "{ \"Id\": \"d38a8fcd61ab7e0754355e8fb3acc201e07770f3d1fd8fed36556941ac458ce\", \"Created\": \"2024-08-14T00:04:33.127266655+03:00\", \"Path\": \"/entrypoint.sh\", \"Args\": [ \"/entrypoint.sh\" ], \"State\": { \"OciVersion\": \"1.1.0+dev\", \"Status\": \"running\", \"Running\": true, \"Paused\": false, \"Restarting\": false, \"OOMKilled\": false, \"Dead\": false, \"Pid\": 2434164, \"ConmonPid\": 2434162, \"ExitCode\": 0, \"Error\": \"\", \"StartedAt\": \"2024-08-14T00:04:33.237286439+03:00\", \"FinishedAt\": \"0001-01-01T00:00:00Z\", \"Health\": { \"Status\": \"\", \"FailingStreak\": 0, \"Log\": null }, \"CgroupPath\": \"/user.slice/user-1000.slice/user@1000.service/user.slice/libpod-d38a....scope\", \"CheckpointedAt\": \"0001-01-01T00:00:00Z\", \"RestoredAt\": \"0001-01-01T00:00:00Z\" }, \"Image\": \"fe2ba3a8ede60e5938e666b483c3a812ba902dac2303341930fbadc0482592b7\", \"ImageDigest\": \"sha256:1222865ed7489298ee28414ddedb63a0c6405938c3a38adf21c8656d7f532271\", \"ImageName\": \"registry/org/image:latest\", \"Rootfs\": \"\", \"Pod\": \"\", \"ResolvConfPath\": \"/run/user/1000/containers/overlay-containers/d38a.../userdata/resolv.conf\", \"HostnamePath\": \"/run/user/1000/containers/overlay-containers/d38a.../userdata/hostname\", \"HostsPath\": \"/run/user/1000/containers/overlay-containers/d38a.../userdata/hosts\", \"StaticDir\": \"/home/podman/.local/share/containers/storage/overlay-containers/d38a.../userdata\", \"OCIConfigPath\": \"/home/podman/.local/share/containers/....json\", \"OCIRuntime\": \"crun\", \"ConmonPidFile\": \"/run/user/1000/containers/overlay-containers/d38a.../userdata/conmon.pid\", \"PidFile\": \"/run/user/1000/containers/overlay-containers/d38a.../userdata/pidfile\", \"Name\": \"costapp\", \"RestartCount\": 0, \"Driver\": \"overlay\", \"MountLabel\": \"system_u:object_r:container_file_t:s0:c493,c986\", \"ProcessLabel\": \"system_u:system_r:container_t:s0:c493,c986\", \"AppArmorProfile\": \"\", \"EffectiveCaps\": [ \"CAP_CHOWN\", 
\"CAP_DAC_OVERRIDE\", \"CAP_FOWNER\", \"CAP_FSETID\", \"CAP_KILL\", \"CAP_NET_BIND_SERVICE\", \"CAP_SETFCAP\", \"CAP_SETGID\", \"CAP_SETPCAP\", \"CAP_SETUID\", \"CAP_SYS_CHROOT\" ], \"BoundingCaps\": [ \"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FOWNER\", \"CAP_FSETID\", \"CAP_KILL\", \"CAP_NET_BIND_SERVICE\", \"CAP_SETFCAP\", \"CAP_SETGID\", \"CAP_SETPCAP\", \"CAP_SETUID\", \"CAP_SYS_CHROOT\" ], \"ExecIDs\": [], \"GraphDriver\": { \"Name\": \"overlay\", \"Data\": { \"LowerDir\": \"/home/podman/.local/share/containers/storage/overlay/29e2.../diff:...\", \"MergedDir\": \"/home/podman/.local/share/containers/storage/overlay/865909.../merged\", \"UpperDir\": \"/home/podman/.local/share/containers/storage/overlay/865909.../diff\", \"WorkDir\": \"/home/podman/.local/share/containers/storage/overlay/865909.../work\" } }, \"Mounts\": [], \"Dependencies\": [], \"NetworkSettings\": { \"EndpointID\": \"\", \"Gateway\": \"\", \"IPAddress\": \"\", \"IPPrefixLen\": 0, \"IPv6Gateway\": \"\", \"GlobalIPv6Address\": \"\", \"GlobalIPv6PrefixLen\": 0, \"MacAddress\": \"\", \"Bridge\": \"\", \"SandboxID\": \"\", \"HairpinMode\": false, \"LinkLocalIPv6Address\": \"\", \"LinkLocalIPv6PrefixLen\": 0, \"Ports\": { \"80/tcp\": [ { \"HostIp\": \"\", \"HostPort\": \"8888\" } ] }, \"SandboxKey\": \"/run/user/1000/netns/netns-2343321-795a-8289-14c0-77ee2556ebf1\" }, \"Namespace\": \"\", \"IsInfra\": false, \"IsService\": false, \"KubeExitCodePropagation\": \"invalid\", \"lockNumber\": 1417, \"Config\": { \"Hostname\": \"444a8274863a\", \"Domainname\": \"\", \"User\": \"\", \"AttachStdin\": false, \"AttachStdout\": false, \"AttachStderr\": false, \"Tty\": false, \"OpenStdin\": false, \"StdinOnce\": false, \"Env\": [ \"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\", \"container=podman\", \"HOME=/root\", \"HOSTNAME=444a8274863a\" ], \"Cmd\": null, \"Image\": \"registry/org/image:latest\", \"Volumes\": null, \"WorkingDir\": \"/\", \"Entrypoint\": \"/entrypoint.sh\", 
\"OnBuild\": null, \"Labels\": { \"io.buildah.version\": \"1.31.2\" }, \"Annotations\": { \"io.container.manager\": \"libpod\", \"org.opencontainers.image.stopSignal\": \"15\" }, \"StopSignal\": 15, \"HealthcheckOnFailureAction\": \"none\", \"CreateCommand\": [ \"podman\", \"run\", \"-d\", \"--name\", \"test\", \"-p\", \"8888:80\", \"registry/org/image:latest\" ], \"Umask\": \"0022\", \"Timeout\": 0, \"StopTimeout\": 10, \"Passwd\": true, \"sdNotifyMode\": \"container\" }, \"HostConfig\": { \"Binds\": [], \"CgroupManager\": \"systemd\", \"CgroupMode\": \"private\", \"ContainerIDFile\": \"\", \"LogConfig\": { \"Type\": \"journald\", \"Config\": null, \"Path\": \"\", \"Tag\": \"\", \"Size\": \"0B\" }, \"NetworkMode\": \"slirp4netns\", \"PortBindings\": { \"80/tcp\": [ { \"HostIp\": \"\", \"HostPort\": \"8888\" } ] }, \"RestartPolicy\": { \"Name\": \"\", \"MaximumRetryCount\": 0 }, \"AutoRemove\": false, \"VolumeDriver\": \"\", \"VolumesFrom\": null, \"CapAdd\": [], \"CapDrop\": [], \"Dns\": [], \"DnsOptions\": [], \"DnsSearch\": [], \"ExtraHosts\": [], \"GroupAdd\": [], \"IpcMode\": \"shareable\", \"Cgroup\": \"\", \"Cgroups\": \"default\", \"Links\": null, \"OomScoreAdj\": 0, \"PidMode\": \"private\", \"Privileged\": false, \"PublishAllPorts\": false, \"ReadonlyRootfs\": false, \"SecurityOpt\": [], \"Tmpfs\": {}, \"UTSMode\": \"private\", \"UsernsMode\": \"\", \"ShmSize\": 65536000, \"Runtime\": \"oci\", \"ConsoleSize\": [ 0, 0 ], \"Isolation\": \"\", \"CpuShares\": 0, \"Memory\": 0, \"NanoCpus\": 0, \"CgroupParent\": \"user.slice\", \"BlkioWeight\": 0, \"BlkioWeightDevice\": null, \"BlkioDeviceReadBps\": null, \"BlkioDeviceWriteBps\": null, \"BlkioDeviceReadIOps\": null, \"BlkioDeviceWriteIOps\": null, \"CpuPeriod\": 0, \"CpuQuota\": 0, \"CpuRealtimePeriod\": 0, \"CpuRealtimeRuntime\": 0, \"CpusetCpus\": \"\", \"CpusetMems\": \"\", \"Devices\": [], \"DiskQuota\": 0, \"KernelMemory\": 0, \"MemoryReservation\": 0, \"MemorySwap\": 0, \"MemorySwappiness\": 0, 
\"OomKillDisable\": false, \"PidsLimit\": 2048, \"Ulimits\": [ { \"Name\": \"RLIMIT_NOFILE\", \"Soft\": 524288, \"Hard\": 524288 }, { \"Name\": \"RLIMIT_NPROC\", \"Soft\": 256018, \"Hard\": 256018 } ], \"CpuCount\": 0, \"CpuPercent\": 0, \"IOMaximumIOps\": 0, \"IOMaximumBandwidth\": 0, \"CgroupConf\": null, }"

Authors

  • Sagi Shnaidman (@sshnaidm)