containers: ++libpod

5 years ago · d884f210e5
15 changed files with 106 additions and 16 deletions
--- a/README.md
+++ b/README.md
@ -52,14 +52,21 @@ $ make
				@@ -52,14 +52,21 @@ $ make

 ### Applications

+- [buildah](https://github.com/containers/buildah) - A tool that facilitates building OCI images.
 - [docker](https://www.docker.com/) - Pack, ship and run any application as a lightweight container.
+- [libpod](https://github.com/containers/libpod/) - Library and podman tool for running OCI-based containers in Pods.
+- [skopeo](https://github.com/containers/skopeo) - Command line utility foroperations on container images and image repositories.
 - [recoll](https://www.lesbonscomptes.com/recoll/) - A personal full text search package.
+- [gentoolkit](https://wiki.gentoo.org/wiki/Project:Portage-Tools) - Collection of administration scripts for Gentoo.
 - ~~[odt2txt](https://github.com/dstosberg/odt2txt/) - Convert OpenDocument files to plain text.~~
 - [sdcv](https://dushistov.github.io/sdcv/) - Console version of StarDict.
+- [tesseract](https://github.com/tesseract-ocr) - An OCR Engine, originally developed at HP, now open source.
 - [zathura](https://pwmt.org/projects/zathura/) - A document viewer.
 - ~~[hlint](https://github.com/ndmitchell/hlint) - Haskell source code suggestions. **[BIN]**~~
 - [tk](https://tcl.tk) - GUI ToolKit for TCL Programming language.
+- [xapian-1.2.25](https://www.xapian.org/) - Xapian Probabilistic Information Retrieval library.
 - [pip](https://pip.pypa.io/) - Installs python packages.
+- [ccache](https://ccache.dev/) - Fast compiler cache.
 - [mutt](http://www.mutt.org/) - A small but very powerful text-based mail client.
 - [procmail](http://www.procmail.org/) - Mail delivery agent.
 - [geeqie](http://www.geeqie.org/) - lightweight image viewer for Linux, BSDs and compatibles.
--- a/playbook.yml
+++ b/playbook.yml
@ -13,7 +13,8 @@
				@@ -13,7 +13,8 @@

    - role: fonts

-    - role: docker-experimental
+    - role: containers
+      tags: containers

    - role: shellrc
      when: ansible_os_family == "Darwin"
--- a/roles/containers/defaults/main.yml
+++ b/roles/containers/defaults/main.yml
@ -0,0 +1,6 @@
				@@ -0,0 +1,6 @@
+
+# docker | libpod
+containers: libpod
+
+min_user_id: 1000
+
--- a/roles/docker-experimental/handlers/main.yml
+++ b/roles/docker-experimental/handlers/main.yml
--- a/roles/docker-experimental/tasks/main.yml
+++ b/roles/docker-experimental/tasks/main.yml
@ -1,6 +1,8 @@
				@@ -1,6 +1,8 @@
+---
+
 - name: Enable experimental docker mode
  template:
-    src: daemon.json.j2
+    src: docker/daemon.json.j2
    dest: /etc/docker/daemon.json
  notify: restart docker

--- a/roles/containers/tasks/libpod.yml
+++ b/roles/containers/tasks/libpod.yml
@ -0,0 +1,34 @@
				@@ -0,0 +1,34 @@
+---
+
+- name: Retrieve information about users
+  getent:
+    database: passwd
+
+- name: "Adjust subordinate UID/GID range for users"
+  shell: >
+    usermod --add-subuids 1065536-1131071 --add-subgids 1065536-1131071 {{ item.key }}
+  when:
+    - 'item.value.1 | int >= min_user_id'
+    - '"home" in item.value.4'
+  with_items:
+    - "{{ getent_passwd | dict2items }}"
+
+- name: Configure libpod
+  template:
+    src: "libpod/{{ item }}.j2"
+    dest: "/etc/containers/{{ item }}"
+  loop:
+    - policy.json
+    - registries.conf
+
+- name: Load tun kernel module
+  modprobe:
+    name: tun
+    state: present
+
+- name: Load tun kernel module at boot time
+  lineinfile:
+    path: /etc/modules-load.d/libpod.conf
+    regexp: '^tun'
+    line: 'tun'
+    create: yes
--- a/roles/containers/tasks/main.yml
+++ b/roles/containers/tasks/main.yml
@ -0,0 +1,4 @@
				@@ -0,0 +1,4 @@
+---
+
+- include: "{{ containers | default('docker') }}.yml"
+
--- a/roles/docker-experimental/templates/daemon.json.j2
+++ b/roles/docker-experimental/templates/daemon.json.j2
--- a/roles/containers/templates/libpod/policy.json.j2
+++ b/roles/containers/templates/libpod/policy.json.j2
@ -0,0 +1,7 @@
				@@ -0,0 +1,7 @@
+{
+    "default": [
+        {
+            "type": "insecureAcceptAnything"
+        }
+    ]
+}
--- a/roles/containers/templates/libpod/registries.conf.j2
+++ b/roles/containers/templates/libpod/registries.conf.j2
@ -0,0 +1,9 @@
				@@ -0,0 +1,9 @@
+[registries.search]
+registries = ['docker.io', 'quay.io', 'registry.fedoraproject.org']
+
+[registries.insecure]
+registries = []
+
+#blocked (docker only)
+[registries.block]
+registries = []
--- a/roles/linux-gentoo/vars/applications.yml
+++ b/roles/linux-gentoo/vars/applications.yml
@ -17,6 +17,20 @@ apps:
				@@ -17,6 +17,20 @@ apps:
  mask:
  unmask:
    - app-admin/ansible-lint
+
+    # Containers
+    - app-emulation/buildah
+    - app-emulation/libpod
+    - app-emulation/skopeo
+    - net-misc/cni-plugins
+    #- sys-fs/lvm2
+    - net-libs/libslirp
+    #- sys-block/thin-provisioning-tools
+    - app-emulation/slirp4netns
+    - app-emulation/conmon
+    #- dev-libs/libaio
+    - sys-fs/fuse-overlayfs
+
    - app-misc/nnn
    - app-text/docx2txt
    - dev-haskell/stack-bin ~amd64
@ -28,6 +42,9 @@ apps:
				@@ -28,6 +42,9 @@ apps:
    - app-arch/unrar                      # https://www.rarlab.com/ Extract, view, and test RAR archives.
    - app-editors/neovim                  # https://neovim.io/ Ambitious Vim-fork focused on extensibility and agility.
    - app-emulation/docker                # https://www.docker.com/ Pack, ship and run any application as a lightweight container.
+    - app-emulation/buildah               # https://github.com/containers/buildah A tool that facilitates building OCI images.
+    - app-emulation/skopeo                # https://github.com/containers/skopeo Command line utility foroperations on container images and image repositories.
+    - app-emulation/libpod                # https://github.com/containers/libpod/ Library and podman tool for running OCI-based containers in Pods.
    - app-misc/jq                         # https://stedolan.github.io/jq/ Lightweight and flexible command-line JSON processor.
    - app-misc/nnn                        # https://github.com/jarun/nnn Tiny, lightning fast, feature-packed file manager.
    - app-misc/vifm                       # https://vifm.info/ Ncurses based file manager with vi like keybindings.
--- a/roles/linux-gentoo/vars/portage.yml
+++ b/roles/linux-gentoo/vars/portage.yml
@ -108,6 +108,8 @@ gentoo:
				@@ -108,6 +108,8 @@ gentoo:
      - www-client/w3m               imlib # Add support for imlib, an image loading and rendering library.
      - sys-apps/coreutils           xattr # Required by calculate-utils
      # - sys-apps/help2man          -nls  # Required by calculate-utils
+      - net-firewall/iptables        ipv6   # Required by libpod/podman
+
    enabled:
      - minimal                      # Install a very minimal build (disables, for example, plugins, fonts, most drivers, non-critical features).
      - unicode                      # Add support for Unicode.
@ -116,6 +118,7 @@ gentoo:
				@@ -116,6 +118,7 @@ gentoo:
      #- glibc-omitfp                # Нужен для CFLAGS="-fomit-frame-pointer"
      #- graphite
      #- xinerama
+
    disabled:
      - imap                         # Add support for IMAP (Internet Mail Application Protocol).
      - xattr                        # Add support for extended attributes (filesystem-stored metadata)