Add new options to pod module (#745)

Fix #742

Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>

plugins/module_utils/podman/podman_pod_lib.py

@@ -43,6 +43,7 @@ ARGUMENTS_SPEC_POD = dict(
     dns_search=dict(type='list', elements='str', required=False),
     generate_systemd=dict(type='dict', default={}),
     gidmap=dict(type='list', elements='str', required=False),
+    gpus=dict(type='str', required=False),
     hostname=dict(type='str', required=False),
     infra=dict(type='bool', required=False),
     infra_conmon_pidfile=dict(type='str', required=False),
@@ -50,6 +51,7 @@ ARGUMENTS_SPEC_POD = dict(
     infra_image=dict(type='str', required=False),
     infra_name=dict(type='str', required=False),
     ip=dict(type='str', required=False),
+    ip6=dict(type='str', required=False),
     label=dict(type='dict', required=False),
     label_file=dict(type='str', required=False),
     mac_address=dict(type='str', required=False),
@@ -67,13 +69,20 @@ ARGUMENTS_SPEC_POD = dict(
     quadlet_dir=dict(type='path'),
     quadlet_filename=dict(type='str'),
     quadlet_options=dict(type='list', elements='str'),
+    security_opt=dict(type='list', elements='str', required=False),
     share=dict(type='str', required=False),
+    share_parent=dict(type='bool', required=False),
+    shm_size=dict(type='str', required=False),
+    shm_size_systemd=dict(type='str', required=False),
     subgidname=dict(type='str', required=False),
     subuidname=dict(type='str', required=False),
+    sysctl=dict(type='dict', required=False),
     uidmap=dict(type='list', elements='str', required=False),
     userns=dict(type='str', required=False),
+    uts=dict(type='str', required=False),
     volume=dict(type='list', elements='str', aliases=['volumes'],
                 required=False),
+    volumes_from=dict(type='list', elements='str', required=False),
     executable=dict(type='str', required=False, default='podman'),
     debug=dict(type='bool', default=False),
 )
@@ -213,6 +222,9 @@ class PodmanPodModuleParams:
             c += ['--gidmap', gidmap]
         return c
 
+    def addparam_gpus(self, c):
+        return c + ['--gpus', self.params['gpus']]
+
     def addparam_hostname(self, c):
         return c + ['--hostname', self.params['hostname']]
 
@@ -236,6 +248,9 @@ class PodmanPodModuleParams:
     def addparam_ip(self, c):
         return c + ['--ip', self.params['ip']]
 
+    def addparam_ip6(self, c):
+        return c + ['--ip6', self.params['ip6']]
+
     def addparam_label(self, c):
         for label in self.params['label'].items():
             c += ['--label', b'='.join(
@@ -285,15 +300,36 @@ class PodmanPodModuleParams:
             c += ['--publish', g]
         return c
 
+    def addparam_security_opt(self, c):
+        for g in self.params['security_opt']:
+            c += ['--security-opt', g]
+        return c
+
     def addparam_share(self, c):
         return c + ['--share', self.params['share']]
 
+    def addparam_share_parent(self, c):
+        if self.params['share_parent'] is not None:
+            return c + ['--share-parent=%s' % self.params['share_parent']]
+        return c
+
+    def addparam_shm_size(self, c):
+        return c + ['--shm-size=%s' % self.params['shm_size']]
+
+    def addparam_shm_size_systemd(self, c):
+        return c + ['--shm-size-systemd=%s' % self.params['shm_size_systemd']]
+
     def addparam_subgidname(self, c):
         return c + ['--subgidname', self.params['subgidname']]
 
     def addparam_subuidname(self, c):
         return c + ['--subuidname', self.params['subuidname']]
 
+    def addparam_sysctl(self, c):
+        for k, v in self.params['sysctl'].items():
+            c += ['--sysctl', "%s=%s" % (k, v)]
+        return c
+
     def addparam_uidmap(self, c):
         for uidmap in self.params['uidmap']:
             c += ['--uidmap', uidmap]
@@ -302,12 +338,20 @@ class PodmanPodModuleParams:
     def addparam_userns(self, c):
         return c + ['--userns', self.params['userns']]
 
+    def addparam_uts(self, c):
+        return c + ['--uts', self.params['uts']]
+
     def addparam_volume(self, c):
         for vol in self.params['volume']:
             if vol:
                 c += ['--volume', vol]
         return c
 
+    def addparam_volumes_from(self, c):
+        for vol in self.params['volumes_from']:
+            c += ['--volumes-from', vol]
+        return c
+
 
 class PodmanPodDefaults:
     def __init__(self, module, podman_version):

plugins/module_utils/podman/quadlet.py

@@ -416,6 +416,8 @@ class PodQuadlet(Quadlet):
         if params["gidmap"]:
             for gidmap in params["gidmap"]:
                 params["podman_args"].append(f"--gidmap {gidmap}")
+        if params["gpus"]:
+            params["podman_args"].append(f"--gpus {params['gpus']}")
         if params["hostname"]:
             params["podman_args"].append(f"--hostname {params['hostname']}")
         if params["infra"]:
@@ -430,6 +432,8 @@ class PodQuadlet(Quadlet):
             params["podman_args"].append(f"--infra-name {params['infra_name']}")
         if params["ip"]:
             params["podman_args"].append(f"--ip {params['ip']}")
+        if params["ip6"]:
+            params["podman_args"].append(f"--ip6 {params['ip6']}")
         if params["label"]:
             for label, label_v in params["label"].items():
                 params["podman_args"].append(f"--label {label}={label_v}")
@@ -447,17 +451,34 @@ class PodQuadlet(Quadlet):
             params["podman_args"].append(f"--pid {params['pid']}")
         if params["pod_id_file"]:
             params["podman_args"].append(f"--pod-id-file {params['pod_id_file']}")
+        if params["security_opt"]:
+            for security_opt in params["security_opt"]:
+                params["podman_args"].append(f"--security-opt {security_opt}")
         if params["share"]:
             params["podman_args"].append(f"--share {params['share']}")
+        if params["share_parent"] is not None:
+            params["podman_args"].append(f"--share-parent={str(params['share_parent']).lower()}")
+        if params["shm_size"]:
+            params["podman_args"].append(f"--shm-size {params['shm_size']}")
+        if params["shm_size_systemd"]:
+            params["podman_args"].append(f"--shm-size-systemd {params['shm_size_systemd']}")
         if params["subgidname"]:
             params["podman_args"].append(f"--subgidname {params['subgidname']}")
         if params["subuidname"]:
             params["podman_args"].append(f"--subuidname {params['subuidname']}")
+        if params["sysctl"]:
+            for k, v in params["sysctl"].items():
+                params["podman_args"].append(f"--sysctl {k}={v}")
         if params["uidmap"]:
             for uidmap in params["uidmap"]:
                 params["podman_args"].append(f"--uidmap {uidmap}")
         if params["userns"]:
             params["podman_args"].append(f"--userns {params['userns']}")
+        if params["uts"]:
+            params["podman_args"].append(f"--uts {params['uts']}")
+        if params["volumes_from"]:
+            for volume in params["volumes_from"]:
+                params["podman_args"].append(f"--volumes-from {volume}")
         if params["debug"]:
             params["global_args"].append("--log-level debug")
 

plugins/modules/podman_pod.py

@@ -227,6 +227,11 @@ options:
     elements: str
     required: false
     type: list
+  gpus:
+    description:
+    - GPU devices to add to the container ('all' to pass all GPUs).
+    type: str
+    required: false
   hostname:
     description:
     - Set a hostname to the pod
@@ -266,6 +271,11 @@ options:
     - Set a static IP for the pod's shared network.
     type: str
     required: false
+  ip6:
+    description:
+    - Set a static IPv6 for the pod's shared network.
+    type: str
+    required: false
   label:
     description:
     - Add metadata to a pod, pass dictionary of label keys and values.
@@ -357,6 +367,12 @@ options:
         options as a list of lines to add.
     type: list
     elements: str
+  security_opt:
+    description:
+    - Security options for the pod.
+    type: list
+    elements: str
+    required: false
   share:
     description:
     - A comma delimited list of kernel namespaces to share. If none or "" is specified,
@@ -364,6 +380,30 @@ options:
       user, uts.
     type: str
     required: false
+  share_parent:
+    description:
+    - This boolean determines whether or not all containers entering the pod use the pod as their cgroup parent.
+      The default value of this option in Podman is true.
+    type: bool
+    required: false
+  shm_size:
+    description:
+    - Set the size of the /dev/shm shared memory space.
+      A unit can be b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes).
+      If the unit is omitted, the system uses bytes.
+      If the size is omitted, the default is 64m.
+      When size is 0, there is no limit on the amount of memory used for IPC by the pod.
+    type: str
+    required: false
+  shm_size_systemd:
+    description:
+    - Size of systemd-specific tmpfs mounts such as /run, /run/lock, /var/log/journal and /tmp.
+      A unit can be b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes).
+      If the unit is omitted, the system uses bytes.
+      If the size is omitted, the default is 64m.
+      When size is 0, the usage is limited to 50 percents of the host's available memory.
+    type: str
+    required: false
   subgidname:
     description:
     - Name for GID map from the /etc/subgid file. Using this flag will run the container
@@ -377,6 +417,11 @@ options:
       This flag conflicts with `userns` and `uidmap`.
     required: false
     type: str
+  sysctl:
+    description:
+    - Set kernel parameters for the pod.
+    type: dict
+    required: false
   uidmap:
     description:
     - Run the container in a new user namespace using the supplied mapping.
@@ -393,6 +438,11 @@ options:
       An empty value ("") means user namespaces are disabled.
     required: false
     type: str
+  uts:
+    description:
+    - Set the UTS namespace mode for the pod.
+    required: false
+    type: str
   volume:
     description:
     - Create a bind mount.
@@ -401,6 +451,12 @@ options:
     elements: str
     required: false
     type: list
+  volumes_from:
+    description:
+    - Mount volumes from the specified container.
+    elements: str
+    required: false
+    type: list
   executable:
     description:
     - Path to C(podman) executable if it is not in the C($PATH) on the

tests/integration/targets/podman_pod/tasks/main.yml

@@ -1010,6 +1010,8 @@
         subuidname: username1
         userns: auto
         publish: 8000:8001
+        sysctl:
+          "net.ipv4.ip_forward": 1
         add_host:
           - host1
         volume:
@@ -1052,6 +1054,7 @@
         - "PodmanArgs=--subuidname username1"
         - "PodmanArgs=--userns auto"
         - "PodmanArgs=--add-host host1"
+        - "PodmanArgs=--sysctl net.ipv4.ip_forward=1"
         - "Label=somelabel=labelvalue"
         - "WantedBy=default.target"
       loop_control:
@@ -1075,6 +1078,8 @@
         subuidname: username1
         userns: auto
         publish: 8000:8001
+        sysctl:
+          "net.ipv4.ip_forward": 1
         add_host:
           - host1
         volume:
@@ -1103,6 +1108,8 @@
         subuidname: username1
         userns: auto
         publish: 8000:8001
+        sysctl:
+          "net.ipv4.ip_forward": 1
         add_host:
           - host1
         volume:

tests/integration/targets/podman_pod/tasks/resource-limit.yml

@@ -8,6 +8,7 @@
         cpuset_mems: '0-1'
         cpu_shares: 1024
         device_write_bps: ['/dev/zero:1048576']
+        shm_size: 1G
 
   - name: Create pod for limiting resources
     containers.podman.podman_pod:
@@ -18,6 +19,7 @@
       cpuset_mems: "{{ limit.cpuset_mems }}"
       cpu_shares: "{{ limit.cpu_shares }}"
       device_write_bps: "{{ limit.device_write_bps }}"
+      shm_size: "{{ limit.shm_size }}"
 
   - name: Get information on pod for limiting resources
     containers.podman.podman_pod_info: