-
Notifications
You must be signed in to change notification settings - Fork 0
/
fedora-bootc-testserver-storage.yml
50 lines (43 loc) · 1.81 KB
/
fedora-bootc-testserver-storage.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# ansible-galaxy collection install linux_system_roles.storage
# then
# cd ~/.ansible/collections/ansible_collections/fedora/linux_system_roles/requirements.yml
# ansible-galaxy collection install -vv -r requirements.yml
---
- hosts: fedora-bootc-testserver
#connection: local
become: yes
roles:
- fedora.linux_system_roles.storage
tasks:
- name: What's the user containers directory?
debug:
var: mount_point_user_containers
- name: Configure storage directory for rootless containers
block:
- name: Set correct directory ownership/permissions for rootless container mount point
file:
path: "{{ mount_point_user_containers }}"
state: directory
owner: root
group: root
mode: '0777'
# Fix the SELinux permissions for user container storage as per:
# https://github.com/containers/podman/issues/12812
# https://github.com/containers/podman/issues/3234
# $ sudo semanage fcontext -a -e $HOME/.local/share/containers /mnt/containers
# $ restorecon -R -v /mnt
- name: Allow users to modify files in their local container storage directories
community.general.sefcontext:
#target: '/mnt/containers(/.*)?'
#target: '/mnt/containers'
target: "{{ mount_point_user_containers }}"
# Trying to set seuser is redundant when using SELinux targeted policy
seuser: unconfined_u
setype: data_home_t
state: present
- name: Apply new SELinux file context to filesystem
#ansible.builtin.command: restorecon -irv /mnt/containers
ansible.builtin.command: restorecon -iv {{ mount_point_user_containers }}
when: mount_point_user_containers is defined
tags:
- podman