playbooks: switch from docker to podman

This has been tested on a CentOS Stream 9 host.

Signed-off-by: Paolo Bonzini <[email protected]>

Author: bonzini

scripts/playbooks/deploy-appliers.yml

@@ -47,6 +47,6 @@
       template:
         src: "templates/applier-config.j2"
         dest: "{{ config_file }}"
-    - import_tasks: tasks/docker-deploy.yml
+    - import_tasks: tasks/podman-deploy.yml
       vars:
         instance_role: applier

scripts/playbooks/deploy-db.yml

@@ -12,11 +12,16 @@
     base_dir: "{{ container_dir }}/{{ instance_name }}"
     src_dir: "{{ base_dir }}/src"
     data_dir: "{{ base_dir }}/data"
+    podman_run_args: "--net patchew"
   tasks:
     - name: Create data dir
       file:
         path: "{{ data_dir }}"
         state: directory
-    - import_tasks: tasks/docker-deploy.yml
+    - name: Create podman network
+      containers.podman.podman_network:
+        name: patchew
+      become: true
+    - import_tasks: tasks/podman-deploy.yml
       vars:
         instance_role: db

scripts/playbooks/deploy-importers-lore.yml

@@ -28,7 +28,7 @@
     src_dir: "{{ base_dir }}/src"
     data_dir: "{{ base_dir }}/data"
     config_file: "{{ data_dir }}/config"
-    docker_run_args: "--init"
+    podman_run_args: "--init"
   tasks:
     - name: Create data dir
       file:
@@ -38,6 +38,6 @@
       template:
         src: "templates/importer-lore-config.j2"
         dest: "{{ config_file }}"
-    - import_tasks: tasks/docker-deploy.yml
+    - import_tasks: tasks/podman-deploy.yml
       vars:
         instance_role: importer-lore

scripts/playbooks/deploy-importers.yml

@@ -58,6 +58,6 @@
       template:
         src: "templates/importer-config.j2"
         dest: "{{ config_file }}"
-    - import_tasks: tasks/docker-deploy.yml
+    - import_tasks: tasks/podman-deploy.yml
       vars:
         instance_role: importer

scripts/playbooks/deploy-servers.yml

@@ -25,19 +25,23 @@
     src_dir: "{{ base_dir }}/src"
     data_dir: "{{ base_dir }}/data"
     db_arg: "{{ '-e PATCHEW_DB_PORT_5432_TCP_ADDR=' if db_host != '' else '' }}{{ db_host }}"
-    docker_run_args: "--link {{ instance_name }}-db:patchew-db {{db_arg}}"
+    podman_run_args: "--net patchew {{db_arg}}"
   tasks:
     - name: Create data dir
       file:
         path: "{{ data_dir }}"
         state: directory
-    - import_tasks: tasks/docker-deploy.yml
+    - name: Create podman network
+      containers.podman.podman_network:
+        name: patchew
+      become: true
+    - import_tasks: tasks/podman-deploy.yml
       vars:
         instance_role: server
     - name: Create superuser
       when: superuser_name != ""
       shell: |
-        docker exec -i {{ instance_name }} bash -c "
+        podman exec -i {{ instance_name }} bash -c "
         cd /opt/patchew &&
         . venv/bin/activate &&
         ./manage.py migrate &&

scripts/playbooks/tasks/docker-deploy.yml

@@ -0,0 +1,68 @@
+---
+- name: Install rsync
+  package:
+    name: rsync
+- name: Install pip
+  package:
+    name: python3-pip
+- name: Install podman
+  package:
+    name: podman
+- name: Stop systemd service for "{{ instance_name }}"
+  service:
+    name: "{{ instance_name }}"
+    state: stopped
+  ignore_errors: yes
+- name: Stop podman instance
+  containers.podman.podman_container:
+    name: "{{ instance_name }}"
+    state: absent
+- name: Create patchew data folder
+  file:
+    path: "{{ data_dir }}"
+    state: directory
+- name: Copy source
+  synchronize:
+    src: ../../../
+    dest: "{{ src_dir }}"
+    recursive: true
+    group: no
+    owner: no
+    delete: yes
+    rsync_opts:
+      - "--exclude=__pycache__"
+      - "--exclude=*.pyc"
+      - "--exclude=*.pyo"
+      - "--exclude=*.sw*"
+      - "--exclude=/venv"
+- name: Check for existing backup image
+  containers.podman.podman_image_info:
+    name: "patchew:{{ instance_name }}-prev"
+  register: prev_image
+- name: Delete old podman image stash
+  shell: "podman untag 'patchew:{{ instance_name }}-prev'"
+  when: prev_image.images
+- name: Check for existing image
+  containers.podman.podman_image_info:
+    name: "patchew:{{ instance_name }}"
+  register: current_image
+- name: Stash podman image
+  containers.podman.podman_tag:
+    image: "patchew:{{ instance_name }}"
+    target_names: "patchew:{{ instance_name }}-prev"
+  when: current_image.images
+- name: Rebuild podman image
+  # docker_image module wants a file named Dockerfile
+  shell: "podman build -t 'patchew:{{ instance_name }}' -f '{{ src_dir }}/scripts/dockerfiles/{{ instance_role }}.docker' '{{ src_dir }}'"
+- name: Install systemd service
+  template:
+    src: "templates/podman.service.j2"
+    dest: "/etc/systemd/system/{{ instance_name }}.service"
+- name: Systemd daemon reload
+  systemd:
+    daemon_reload: yes
+- name: Start podman instance
+  service:
+    name: "{{ instance_name }}"
+    state: restarted
+    enabled: yes

scripts/playbooks/tasks/podman-deploy.yml

@@ -0,0 +1,19 @@
+[Unit]
+Description=Patchew podman instance control service for {{ instance_name }}
+Requires=network.target
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Restart=always
+ExecStartPre=-podman stop {{ instance_name }} ; -podman rm {{ instance_name }}
+ExecStart=podman run --privileged --name {{ instance_name }} \
+    -v {{ data_dir }}:/data/patchew:rw \
+    -e PATCHEW_DATA_DIR=/data/patchew \
+    {{ podman_run_args | default() }} \
+    patchew:{{ instance_name }}
+ExecStop=podman stop -t 10 {{ instance_name }}
+RestartSec=60
+
+[Install]
+WantedBy=default.target