From b987120fa0bde780d38ee757dab5c14a601224d0 Mon Sep 17 00:00:00 2001
From: Sergey <6213510+sshnaidm@users.noreply.github.com>
Date: Thu, 16 May 2024 14:50:47 +0300
Subject: [PATCH] Add new options to pod module (#745)
Fix #742
Signed-off-by: Sagi Shnaidman
---
 plugins/module_utils/podman/podman_pod_lib.py | 44 +++++++++++++++
 plugins/module_utils/podman/quadlet.py | 21 +++++++
 plugins/modules/podman_pod.py | 56 +++++++++++++++++++
 .../targets/podman_pod/tasks/main.yml | 7 +++
 .../podman_pod/tasks/resource-limit.yml | 2 +
 5 files changed, 130 insertions(+)
diff --git a/plugins/module_utils/podman/podman_pod_lib.py b/plugins/module_utils/podman/podman_pod_lib.py
index 9e66a30..c81321f 100644
--- a/plugins/module_utils/podman/podman_pod_lib.py
+++ b/plugins/module_utils/podman/podman_pod_lib.py
@@ -43,6 +43,7 @@ ARGUMENTS_SPEC_POD = dict(
 dns_search=dict(type='list', elements='str', required=False),
 generate_systemd=dict(type='dict', default={}),
 gidmap=dict(type='list', elements='str', required=False),
+ gpus=dict(type='str', required=False),
 hostname=dict(type='str', required=False),
 infra=dict(type='bool', required=False),
 infra_conmon_pidfile=dict(type='str', required=False),
@@ -50,6 +51,7 @@ ARGUMENTS_SPEC_POD = dict(
 infra_image=dict(type='str', required=False),
 infra_name=dict(type='str', required=False),
 ip=dict(type='str', required=False),
+ ip6=dict(type='str', required=False),
 label=dict(type='dict', required=False),
 label_file=dict(type='str', required=False),
 mac_address=dict(type='str', required=False),
@@ -67,13 +69,20 @@ ARGUMENTS_SPEC_POD = dict(
 quadlet_dir=dict(type='path'),
 quadlet_filename=dict(type='str'),
 quadlet_options=dict(type='list', elements='str'),
+ security_opt=dict(type='list', elements='str', required=False),
 share=dict(type='str', required=False),
+ share_parent=dict(type='bool', required=False),
+ shm_size=dict(type='str', required=False),
+ shm_size_systemd=dict(type='str', required=False),
 subgidname=dict(type='str', required=False),
 subuidname=dict(type='str', required=False),
+ sysctl=dict(type='dict', required=False),
 uidmap=dict(type='list', elements='str', required=False),
 userns=dict(type='str', required=False),
+ uts=dict(type='str', required=False),
 volume=dict(type='list', elements='str', aliases=['volumes'], required=False),
+ volumes_from=dict(type='list', elements='str', required=False),
 executable=dict(type='str', required=False, default='podman'),
 debug=dict(type='bool', default=False),
 )
@@ -213,6 +222,9 @@ class PodmanPodModuleParams:
 c += ['--gidmap', gidmap]
 return c
+ def addparam_gpus(self, c):
+ return c + ['--gpus', self.params['gpus']]
+
 def addparam_hostname(self, c):
 return c + ['--hostname', self.params['hostname']]
@@ -236,6 +248,9 @@ class PodmanPodModuleParams:
 def addparam_ip(self, c):
 return c + ['--ip', self.params['ip']]
+ def addparam_ip6(self, c):
+ return c + ['--ip6', self.params['ip6']]
+
 def addparam_label(self, c):
 for label in self.params['label'].items():
 c += ['--label', b'='.join(
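Review bot: Nothing in this patch compares the options declared in the `@@ -67` hunk (`security_opt`, `share_parent`, `shm_size`, `shm_size_systemd`, `sysctl`, `uts`, `volumes_from`, and `gpus`/`ip6` from the earlier hunks) with the configuration of an existing pod; they are only turned into create-time arguments. If the module decides whether to recreate a pod by comparing current and requested settings (that code is outside this patch), a later change to `security_opt` or `sysctl` would be reported as unchanged and the pod would keep its old isolation settings. Either add comparison logic for the security-relevant options or state the limitation in their descriptions, for example `- Changes to this option on an existing pod are not detected; recreate the pod to apply them.` `ARGUMENTS_SPEC_POD` starts outside this hunk.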
@@ -285,15 +300,36 @@ class PodmanPodModuleParams:
 c += ['--publish', g]
 return c
+ def addparam_security_opt(self, c):
+ for g in self.params['security_opt']:
+ c += ['--security-opt', g]
+ return c
+
 def addparam_share(self, c):
 return c + ['--share', self.params['share']]
+ def addparam_share_parent(self, c):
+ if self.params['share_parent'] is not None:
+ return c + ['--share-parent=%s' % self.params['share_parent']]
+ return c
+
+ def addparam_shm_size(self, c):
+ return c + ['--shm-size=%s' % self.params['shm_size']]
+
+ def addparam_shm_size_systemd(self, c):
+ return c + ['--shm-size-systemd=%s' % self.params['shm_size_systemd']]
+
 def addparam_subgidname(self, c):
 return c + ['--subgidname', self.params['subgidname']]
 def addparam_subuidname(self, c):
 return c + ['--subuidname', self.params['subuidname']]
+ def addparam_sysctl(self, c):
+ for k, v in self.params['sysctl'].items():
+ c += ['--sysctl', "%s=%s" % (k, v)]
+ return c
+
 def addparam_uidmap(self, c):
 for uidmap in self.params['uidmap']:
 c += ['--uidmap', uidmap]
@@ -302,12 +338,20 @@ class PodmanPodModuleParams:
 def addparam_userns(self, c):
 return c + ['--userns', self.params['userns']]
+ def addparam_uts(self, c):
+ return c + ['--uts', self.params['uts']]
+
 def addparam_volume(self, c):
 for vol in self.params['volume']:
 if vol:
 c += ['--volume', vol]
 return c
+ def addparam_volumes_from(self, c):
+ for vol in self.params['volumes_from']:
+ c += ['--volumes-from', vol]
+ return c
+
 class PodmanPodDefaults:
 def __init__(self, module, podman_version):
diff --git a/plugins/module_utils/podman/quadlet.py b/plugins/module_utils/podman/quadlet.py
index 17764b6..926202b 100644
--- a/plugins/module_utils/podman/quadlet.py
+++ b/plugins/module_utils/podman/quadlet.py
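Review bot: `addparam_share_parent` in the `@@ -285` hunk formats the Python bool directly, so the command line carries `--share-parent=True` or `--share-parent=False`, whereas the Quadlet generator in this same commit lowercases the value. Podman may accept both spellings, but emitting one form from both paths keeps the generated command and the unit file comparable; `return c + ['--share-parent=%s' % str(self.params['share_parent']).lower()]` matches the Quadlet side. It is also the only new `addparam_*` method with a `None` guard; whether the caller already skips unset parameters is not visible here, so a one-line comment explaining why this option needs the guard would help. The class body starts and ends outside this hunk.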
@@ -416,6 +416,8 @@ class PodQuadlet(Quadlet):
 if params["gidmap"]:
 for gidmap in params["gidmap"]:
 params["podman_args"].append(f"--gidmap {gidmap}")
+ if params["gpus"]:
+ params["podman_args"].append(f"--gpus {params['gpus']}")
 if params["hostname"]:
 params["podman_args"].append(f"--hostname {params['hostname']}")
 if params["infra"]:
@@ -430,6 +432,8 @@ class PodQuadlet(Quadlet):
 params["podman_args"].append(f"--infra-name {params['infra_name']}")
 if params["ip"]:
 params["podman_args"].append(f"--ip {params['ip']}")
+ if params["ip6"]:
+ params["podman_args"].append(f"--ip6 {params['ip6']}")
 if params["label"]:
 for label, label_v in params["label"].items():
 params["podman_args"].append(f"--label {label}={label_v}")
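Review bot: The new `--gpus` branch in the `@@ -416` hunk interpolates the raw option value into a `podman_args` entry without quoting or validation, and the `--ip6` branch in the next hunk and the `--security-opt`, `--shm-size`, `--sysctl`, `--uts` and `--volumes-from` branches in the `@@ -447` hunk do the same. Judging by the integration test's expected `PodmanArgs=--sysctl net.ipv4.ip_forward=1` line, each entry becomes one line of the generated unit file, so a value containing whitespace is split into extra podman arguments and a value containing a newline would add further lines to the unit. Where playbook variables come from inventory or other less-trusted input, one option value could then change more than the option it was meant for. Reject control characters before appending, for example `if any(ch in str(value) for ch in "\r\n"): raise ValueError("newline in quadlet option value")` or the module's usual failure path, and quote values that may legitimately contain spaces. The unchanged branches in the context lines follow the same pattern, and the enclosing method begins and ends outside these hunks.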
@@ -447,17 +451,34 @@ class PodQuadlet(Quadlet):
 params["podman_args"].append(f"--pid {params['pid']}")
 if params["pod_id_file"]:
 params["podman_args"].append(f"--pod-id-file {params['pod_id_file']}")
+ if params["security_opt"]:
+ for security_opt in params["security_opt"]:
+ params["podman_args"].append(f"--security-opt {security_opt}")
 if params["share"]:
 params["podman_args"].append(f"--share {params['share']}")
+ if params["share_parent"] is not None:
+ params["podman_args"].append(f"--share-parent={str(params['share_parent']).lower()}")
+ if params["shm_size"]:
+ params["podman_args"].append(f"--shm-size {params['shm_size']}")
+ if params["shm_size_systemd"]:
+ params["podman_args"].append(f"--shm-size-systemd {params['shm_size_systemd']}")
 if params["subgidname"]:
 params["podman_args"].append(f"--subgidname {params['subgidname']}")
 if params["subuidname"]:
 params["podman_args"].append(f"--subuidname {params['subuidname']}")
+ if params["sysctl"]:
+ for k, v in params["sysctl"].items():
+ params["podman_args"].append(f"--sysctl {k}={v}")
 if params["uidmap"]:
 for uidmap in params["uidmap"]:
 params["podman_args"].append(f"--uidmap {uidmap}")
 if params["userns"]:
 params["podman_args"].append(f"--userns {params['userns']}")
+ if params["uts"]:
+ params["podman_args"].append(f"--uts {params['uts']}")
+ if params["volumes_from"]:
+ for volume in params["volumes_from"]:
+ params["podman_args"].append(f"--volumes-from {volume}")
 if params["debug"]:
 params["global_args"].append("--log-level debug")
diff --git a/plugins/modules/podman_pod.py b/plugins/modules/podman_pod.py
index a975921..2d06d02 100644
--- a/plugins/modules/podman_pod.py
+++ b/plugins/modules/podman_pod.py
@@ -227,6 +227,11 @@ options:
 elements: str
 required: false
 type: list
+ gpus:
+ description:
+ - GPU devices to add to the container ('all' to pass all GPUs).
+ type: str
+ required: false
 hostname:
 description:
 - Set a hostname to the pod
@@ -266,6 +271,11 @@ options:
 - Set a static IP for the pod's shared network.
 type: str
 required: false
+ ip6:
+ description:
+ - Set a static IPv6 for the pod's shared network.
+ type: str
+ required: false
 label:
 description:
 - Add metadata to a pod, pass dictionary of label keys and values.
@@ -357,6 +367,12 @@ options:
 options as a list of lines to add.
 type: list
 elements: str
+ security_opt:
+ description:
+ - Security options for the pod.
+ type: list
+ elements: str
+ required: false
 share:
 description:
 - A comma delimited list of kernel namespaces to share. If none or "" is specified,
@@ -364,6 +380,30 @@ options:
 user, uts.
 type: str
 required: false
+ share_parent:
+ description:
+ - This boolean determines whether or not all containers entering the pod use the pod as their cgroup parent.
+ The default value of this option in Podman is true.
+ type: bool
+ required: false
+ shm_size:
+ description:
+ - Set the size of the /dev/shm shared memory space.
+ A unit can be b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes).
+ If the unit is omitted, the system uses bytes.
+ If the size is omitted, the default is 64m.
+ When size is 0, there is no limit on the amount of memory used for IPC by the pod.
+ type: str
+ required: false
+ shm_size_systemd:
+ description:
+ - Size of systemd-specific tmpfs mounts such as /run, /run/lock, /var/log/journal and /tmp.
+ A unit can be b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes).
+ If the unit is omitted, the system uses bytes.
+ If the size is omitted, the default is 64m.
+ When size is 0, the usage is limited to 50 percents of the host's available memory.
+ type: str
+ required: false
 subgidname:
 description:
 - Name for GID map from the /etc/subgid file. Using this flag will run the container
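Review bot: The `security_opt` description in the `@@ -357` hunk, `Security options for the pod.`, does not say what form each list element takes or that some values reduce isolation. Each element is passed to `--security-opt` unchanged, so values such as `label=disable` or `seccomp=unconfined` switch off SELinux separation or the seccomp filter for the pod. I would extend the description to something like `- Security options for the pod, each passed to C(--security-opt), for example C(no-new-privileges) or C(label=type:TYPE). Options such as C(label=disable) or C(seccomp=unconfined) weaken confinement.` The `sysctl` and `uts` descriptions in the later hunks would benefit from a similar sentence, since `uts: host` shares the host's UTS namespace with the pod.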
@@ -377,6 +417,11 @@ options:
 This flag conflicts with `userns` and `uidmap`.
 required: false
 type: str
+ sysctl:
+ description:
+ - Set kernel parameters for the pod.
+ type: dict
+ required: false
 uidmap:
 description:
 - Run the container in a new user namespace using the supplied mapping.
@@ -393,6 +438,11 @@ options:
 An empty value ("") means user namespaces are disabled.
 required: false
 type: str
+ uts:
+ description:
+ - Set the UTS namespace mode for the pod.
+ required: false
+ type: str
 volume:
 description:
 - Create a bind mount.
@@ -401,6 +451,12 @@ options:
 elements: str
 required: false
 type: list
+ volumes_from:
+ description:
+ - Mount volumes from the specified container.
+ elements: str
+ required: false
+ type: list
 executable:
 description:
 - Path to C(podman) executable if it is not in the C($PATH) on the
diff --git a/tests/integration/targets/podman_pod/tasks/main.yml b/tests/integration/targets/podman_pod/tasks/main.yml
index cb455aa..51a0d16 100644
--- a/tests/integration/targets/podman_pod/tasks/main.yml
+++ b/tests/integration/targets/podman_pod/tasks/main.yml
@@ -1010,6 +1010,8 @@
 subuidname: username1
 userns: auto
 publish: 8000:8001
+ sysctl:
+ "net.ipv4.ip_forward": 1
 add_host:
 - host1
 volume:
@@ -1052,6 +1054,7 @@
 - "PodmanArgs=--subuidname username1"
 - "PodmanArgs=--userns auto"
 - "PodmanArgs=--add-host host1"
+ - "PodmanArgs=--sysctl net.ipv4.ip_forward=1"
 - "Label=somelabel=labelvalue"
 - "WantedBy=default.target"
 loop_control:
@@ -1075,6 +1078,8 @@
 subuidname: username1
 userns: auto
 publish: 8000:8001
+ sysctl:
+ "net.ipv4.ip_forward": 1
 add_host:
 - host1
 volume:
@@ -1103,6 +1108,8 @@
 subuidname: username1
 userns: auto
 publish: 8000:8001
+ sysctl:
+ "net.ipv4.ip_forward": 1
 add_host:
 - host1
 volume:
diff --git a/tests/integration/targets/podman_pod/tasks/resource-limit.yml b/tests/integration/targets/podman_pod/tasks/resource-limit.yml
index 8727d6e..83b673a 100644
--- a/tests/integration/targets/podman_pod/tasks/resource-limit.yml
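Review bot: Only `sysctl` gains an assertion in the `@@ -1052` hunk (`PodmanArgs=--sysctl net.ipv4.ip_forward=1`); none of the other options this commit adds to the Quadlet generator is exercised by the hunks on this page. `security_opt`, `share_parent`, `shm_size`, `uts` and `volumes_from` each have their own formatting branch, and `share_parent` in particular depends on lowercasing a bool, so a regression there would pass unnoticed. Consider adding, for instance, `share_parent: false` and `security_opt: [no-new-privileges]` to the task in the `@@ -1010` hunk and expecting `- "PodmanArgs=--share-parent=false"` and `- "PodmanArgs=--security-opt no-new-privileges"` (sample values constructed for this note). Both task definitions start outside their hunks.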
+++ b/tests/integration/targets/podman_pod/tasks/resource-limit.yml
@@ -8,6 +8,7 @@
 cpuset_mems: '0-1'
 cpu_shares: 1024
 device_write_bps: ['/dev/zero:1048576']
+ shm_size: 1G
 - name: Create pod for limiting resources
 containers.podman.podman_pod:
@@ -18,6 +19,7 @@
 cpuset_mems: "{{ limit.cpuset_mems }}"
 cpu_shares: "{{ limit.cpu_shares }}"
 device_write_bps: "{{ limit.device_write_bps }}"
+ shm_size: "{{ limit.shm_size }}"
 - name: Get information on pod for limiting resources
 containers.podman.podman_pod_info: