Trying to set up containers with podman in a predictable manner, but failing. Not sure if an issue with containers.podman or me not understanding the documentation.
When I first encountered this issue, I had exit code 125 but then on container creation (container already existed), no matter if the container state was created or present, which confused me. I expected it to check if the container existed, but it always tried to recreate it instead, leading to failures.
Tried to simplify my playbook down to below, so it’s not 100% the same as my initial issue, but the behaviour seems to be the same. I can include my other playbook if interesting as well, it’s just setting up two other containers in the same pod with the same pattern as below.
Playbooks
Working example
Below is the shortest playbook I could come up with. Below is working as expected, idempotent and all.
# This works as expected! See the second playbook for the issue.
---
- name: "Setup container"
  hosts: 127.0.0.1
  connection: local
  become: true
  tasks:
    - name: "Create test container"
      containers.podman.podman_container:
        name: "hello-nginx"
        state: created
        image: "docker.io/library/nginx:1.27"
    - name: "Generate systemd configuration"
      containers.podman.podman_generate_systemd:
        name: "hello-nginx"
        dest: "/etc/systemd/system"
        new: true
        restart_policy: "on-failure"
      register: gensystemd
    - name: "Reload systemd if necessary"
      ansible.builtin.systemd:
        daemon_reload: true
        scope: "system"
      when: gensystemd.changed
    - name: "Enable and start container"
      ansible.builtin.systemd:
        name: "container-hello-nginx.service"
        enabled: true
        state: "started"
        scope: "system"
The reason I generate systemd configuration in a discrete step (and not in the container creation step) is a leftover from the second playbook where I try to wrap everything in a pod, and then I want to create the pod, containers and then generate systemd files.
Not working
Below is one example of unexpected behaviour - it will fail every other time!
# This does not work as expected! It fails to setup a container every other execution.
---
- name: "Setup container"
  hosts: 127.0.0.1
  connection: local
  become: true
  tasks:
    # New step, creating a pod
    - name: "Create test pod"
      containers.podman.podman_pod:
        name: "test"
        state: created
        publish:
          - 8080:80
          - 8443:443
    - name: "Create test container"
      containers.podman.podman_container:
        name: "hello-nginx"
        pod: "test" # add container to pod
        state: created
        image: "docker.io/library/nginx:1.27"
    - name: "Generate systemd configuration"
      containers.podman.podman_generate_systemd:
        name: "test" # generate pod systemd units
        dest: "/etc/systemd/system"
        new: true
        restart_policy: "on-failure"
      register: gensystemd
    - name: "Reload systemd if necessary"
      ansible.builtin.systemd:
        daemon_reload: true
        scope: "system"
      when: gensystemd.changed
    - name: "Enable and start container"
      ansible.builtin.systemd:
        name: "pod-test.service" # enable and start pod instead
        enabled: true
        state: "started"
        scope: "system"
Execution run logs
First pod setup run
oscar@debian:~$ ansible-playbook container.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
PLAY [Setup container] *********************************************************
TASK [Gathering Facts] *********************************************************
ok: [127.0.0.1]
TASK [Create test pod] *********************************************************
changed: [127.0.0.1]
TASK [Create test container] ***************************************************
changed: [127.0.0.1]
TASK [Generate systemd configuration] ******************************************
changed: [127.0.0.1]
TASK [Reload systemd if necessary] *********************************************
ok: [127.0.0.1]
TASK [Enable and start container] **********************************************
changed: [127.0.0.1]
PLAY RECAP *********************************************************************
127.0.0.1 : ok=6 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Second pod setup run
This step should be idempotent? Notice test pod returns OK, but the container creation fails due to no pod?
oscar@debian:~$ ansible-playbook container.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [Setup container] *****************************************************************************************************************************************
TASK [Gathering Facts] *****************************************************************************************************************************************
ok: [127.0.0.1]
TASK [Create test pod] *****************************************************************************************************************************************
ok: [127.0.0.1]
TASK [Create test container] ***********************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Container hello-nginx exited with code 125 when createed", "stderr": "Error: no pod with name or ID test found: no such pod\n", "stderr_lines": ["Error: no pod with name or ID test found: no such pod"], "stdout": "", "stdout_lines": []}
PLAY RECAP *****************************************************************************************************************************************************
127.0.0.1 : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Third pod setup run
All fine again. Guessing that the prior run tore down pods and containers, and running again just recreated everything as expected again.
oscar@debian:~$ ansible-playbook container.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [Setup container] *****************************************************************************************************************************************
TASK [Gathering Facts] *****************************************************************************************************************************************
ok: [127.0.0.1]
TASK [Create test pod] *****************************************************************************************************************************************
changed: [127.0.0.1]
TASK [Create test container] ***********************************************************************************************************************************
changed: [127.0.0.1]
TASK [Generate systemd configuration] **************************************************************************************************************************
ok: [127.0.0.1]
TASK [Reload systemd if necessary] *****************************************************************************************************************************
skipping: [127.0.0.1]
TASK [Enable and start container] ******************************************************************************************************************************
changed: [127.0.0.1]
PLAY RECAP *****************************************************************************************************************************************************
127.0.0.1 : ok=5 changed=3 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
Test environment
Everything running on Debian 12 in a VM.
Relevant versions:
ansible [core 2.17.2]
config file = None
configured module search path = ['/home/oscar/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/oscar/.local/pipx/venvs/ansible/lib/python3.11/site-packages/ansible
ansible collection location = /home/oscar/.ansible/collections:/usr/share/ansible/collections
executable location = /home/oscar/.local/bin/ansible
python version = 3.11.2 (main, May 2 2024, 11:59:08) [GCC 12.2.0] (/home/oscar/.local/pipx/venvs/ansible/bin/python)
jinja version = 3.1.4
libyaml = True
I installed Ansible like below:
sudo apt install pipx podman
pipx install --include-deps ansible
pipx ensurepath
Conclusion
Am I using containers.podman wrong, or is this an issue with the idempotency checks in the collection?