Rewrite podman and buildah connections (#962)

* Rewrite podman and buildah connections --------- Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
2026-02-04 07:11:49 +00:00 · 2025-09-11 20:35:09 +03:00 · 2025-09-11 20:35:09 +03:00 · 991e461ea5
commit 991e461ea5
parent 237bc385b9
38 changed files with 2966 additions and 344 deletions
--- a/playbooks/examples/README.md
+++ b/playbooks/examples/README.md
@ -1,3 +1,28 @@
+### Podman connection examples (with podman_containers inventory)
+
+This folder shows practical playbooks that execute directly inside running Podman containers using the connection plugin `containers.podman.podman` and inventory plugin `containers.podman.podman_containers`.
+
+How to use
+1) Create a simple inventory source that discovers running containers:
+   - See `inventory/podman_all.yml`
+   - Adjust `label_selectors` or `name_patterns` if you want to target a subset
+
+2) Run an example, e.g. basic exec:
+```bash
+ansible-playbook -i playbooks/examples/inventory/podman_all.yml playbooks/examples/podman_exec_basic.yml
+```
+
+Examples included
+- `podman_exec_basic.yml` — Run common commands (uptime, os-release), demonstrate environment variables and idempotent checks
+- `podman_copy_fetch.yml` — Copy files into a container and fetch them back (works with rootless or root)
+- `podman_multiuser_tasks.yml` — Execute tasks as different users inside containers (root and non-root), with optional become
+- `podman_pkg_manage.yml` — Install a package using apk/apt/yum depending on detected distro (no Python required)
+
+Notes
+- The inventory plugin assigns the connection automatically; no SSH is used
+- To run as non-root, set `ansible_user` (e.g. `nobody` or a numeric UID) on hosts or in a task/role scope
+- You can inject environment variables into exec using `ansible_podman_extra_env`
+
 ### Buildah connection playbook examples

 This folder contains self-contained Ansible playbooks demonstrating how to build images with Buildah while executing steps inside a working container through the Buildah connection plugin (`ansible_connection: containers.podman.buildah`). Each example shows a realistic workflow and explains the options used.
--- a/playbooks/examples/podman_copy_fetch.yml
+++ b/playbooks/examples/podman_copy_fetch.yml
@ -0,0 +1,40 @@
+---
+- name: Copy files into container and fetch them back
+  hosts: all
+  gather_facts: false
+  vars:
+    ansible_connection: containers.podman.podman
+  tasks:
+    - name: Compute controller time
+      delegate_to: localhost
+      vars:
+        ansible_connection: local
+      set_fact:
+        controller_now: "{{ lookup('pipe', 'date -Is') }}"
+
+    - name: Create temp file on controller
+      delegate_to: localhost
+      vars:
+        ansible_connection: local
+      copy:
+        dest: "/tmp/hello_from_controller.txt"
+        content: "Hello from controller at {{ controller_now }}\n"
+
+    - name: Upload file to container via podman cp
+      delegate_to: localhost
+      vars:
+        ansible_connection: local
+      command: >-
+        podman cp /tmp/hello_from_controller.txt {{ inventory_hostname }}:/tmp/hello_in_container.txt
+
+    - name: Show file details inside container
+      raw: "sh -lc 'ls -l /tmp/hello_in_container.txt && wc -l /tmp/hello_in_container.txt'"
+
+    - name: Fetch the file back via podman cp
+      delegate_to: localhost
+      vars:
+        ansible_connection: local
+      command: >-
+        podman cp {{ inventory_hostname }}:/tmp/hello_in_container.txt /tmp/fetched_{{ inventory_hostname }}.txt
+
+
--- a/playbooks/examples/podman_exec_basic.yml
+++ b/playbooks/examples/podman_exec_basic.yml
@ -0,0 +1,27 @@
+---
+- name: Exec inside running Podman containers (basic)
+  hosts: all
+  gather_facts: false
+  vars:
+    ansible_connection: containers.podman.podman
+    ansible_podman_extra_env:
+      EXAMPLE_FLAG: "true"
+  tasks:
+    - name: Show container name and id
+      raw: "sh -lc 'echo NAME=$(hostname) && cat /etc/hostname'"
+
+    - name: Check OS release
+      raw: "sh -lc 'test -f /etc/os-release && . /etc/os-release && echo \"$NAME $VERSION_ID\" || echo unknown'"
+      register: osrel
+
+    - name: Display OS release
+      debug:
+        var: osrel.stdout
+
+    - name: Print env from connection
+      raw: "sh -lc 'echo EXAMPLE_FLAG=$EXAMPLE_FLAG'"
+
+    - name: Idempotent marker create
+      raw: "sh -lc '[ -f /tmp/ansible_marker ] || touch /tmp/ansible_marker'"
+
+
--- a/playbooks/examples/podman_multiuser_tasks.yml
+++ b/playbooks/examples/podman_multiuser_tasks.yml
@ -0,0 +1,37 @@
+---
+- name: Run tasks as different users inside containers
+  hosts: all
+  gather_facts: false
+  vars:
+    ansible_connection: containers.podman.podman
+  tasks:
+    - name: Who am I (root default)
+      raw: id -u
+      register: uid_root
+
+    - name: Display root uid
+      debug:
+        msg: "root uid={{ uid_root.stdout }}"
+
+    - name: Run as nobody (if exists)
+      vars:
+        ansible_user: nobody
+      raw: "sh -lc 'id -u && touch /tmp/nobody_was_here'"
+      register: uid_nobody
+      failed_when: false
+
+    - name: Display nobody uid
+      debug:
+        msg: "nobody uid={{ uid_nobody.stdout | default('N/A') }}"
+
+    - name: Run with numeric uid 1000 (common)
+      vars:
+        ansible_user: "1000"
+      raw: "sh -lc 'id -u || true'"
+      register: uid_1000
+      failed_when: false
+
+    - name: Show marker files (root)
+      raw: "sh -lc 'ls -l /tmp/*was_here || true'"
+
+
--- a/playbooks/examples/podman_pkg_manage.yml
+++ b/playbooks/examples/podman_pkg_manage.yml
@ -0,0 +1,40 @@
+---
+- name: Install a small package in container with distro autodetect
+  hosts: all
+  gather_facts: false
+  vars:
+    ansible_connection: containers.podman.podman
+  tasks:
+    - name: Detect package manager
+      raw: >-
+        sh -lc 'if command -v apk >/dev/null 2>&1; then echo apk; exit 0; fi;
+        if command -v apt-get >/dev/null 2>&1; then echo apt; exit 0; fi;
+        if command -v dnf >/dev/null 2>&1; then echo dnf; exit 0; fi;
+        if command -v yum >/dev/null 2>&1; then echo yum; exit 0; fi;
+        echo none'
+      register: pkgmgr
+      changed_when: false
+
+    - name: Install procps or util-linux depending on distro
+      when: pkgmgr.stdout in ['apk','apt','dnf','yum']
+      block:
+        - name: APK install
+          when: pkgmgr.stdout == 'apk'
+          raw: "sh -lc 'apk add --no-cache procps'"
+
+        - name: APT install
+          when: pkgmgr.stdout == 'apt'
+          raw: "sh -lc 'apt-get update && apt-get install -y procps'"
+
+        - name: DNF install
+          when: pkgmgr.stdout == 'dnf'
+          raw: "sh -lc 'dnf -y install procps-ng'"
+
+        - name: YUM install
+          when: pkgmgr.stdout == 'yum'
+          raw: "sh -lc 'yum -y install procps-ng'"
+
+    - name: Verify tools exist
+      raw: "sh -lc 'ps --version || true'"
+
+