Manage Podman with Salt.
This formula can also install docker-compose/podman-compose and make Podman work with the docker Salt execution/state module, as far as podman is compatible with the API.
Currently, it is only tested (manually) on Debian 11+, Rocky Linux, Fedora 38+ and SUSE. Other distributions are definitely in scope and will be added at some point.
Table of Contents
See the full SaltStack Formulas installation and usage instructions.
If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section.
If you want to use this formula, please pay attention to the FORMULA file and/or git tag, which contains the currently released version. This formula is versioned according to Semantic Versioning.
See Formula Versioning Section for more details.
If you need (non-default) configuration, please refer to:
- how to configure the formula with map.jinja
- the
pillar.examplefile - the Special notes section
- The Debian 11 stable repository packages an outdated version of
podman, hence the possibility to enablesidorexperimental(discouraged, might break your system). - Rootless support currently depends on the package, I have observed some difficulty with the more current package in
sid.
An example pillar is provided, please see pillar.example. Note that you do not need to specify everything by pillar. Often, it's much easier and less resource-heavy to use the parameters/<grain>/<value>.yaml files for non-sensitive settings. The underlying logic is explained in map.jinja.
The following states are found in this formula:
Meta-state.
This installs Podman, manages the Podman configuration, possibly starts the podman socket and creates and starts configured containers with their rootless user accounts.
Installs the Podman package and possibly podman-compose/docker-compose.
This state will install the configured podman repository. This works for apt/dnf/yum/zypper-based distributions only by default.
Installs necessary requirements to be able to somewhat use the Salt docker modules with Podman.
See also: saltstack/salt#50624 (comment)
Manages the Podman configuration. Has a dependency on podman.package.
Starts the podman service and enables it at boot time. Has a dependency on podman.config.
Meta-state.
Manages rootless user accounts, creates configured containers, secrets and installs and runs the containers using systemd service units.
Manages rootless user accounts, creates configured containers, secrets and installs the containers as services. Has a dependency on podman.config or podman.service., depending on if any container runs rootful or not.
Starts the configured containers' services. Has a dependency on podman.containers.package.
Meta-state.
Undoes everything performed in the podman meta-state in reverse order, i.e. stops and deletes configured containers and their rootless user accounts, possibly stops the podman socket, removes the Podman configuration and uninstalls the Podman package.
Removes Podman and possibly podman-compose/docker-compose and has a dependency on podman.config.clean.
This state will remove the configured podman repository. This works for apt/dnf/yum/zypper-based distributions only by default.
Removes the symlink from the expected Docker socket to the actual Podman socket.
Removes the Podman configuration and has a dependency on podman.service.clean.
Stops the podman service and disables it at boot time.
Meta-state.
Undoes everything performed in the podman.compose meta-state in reverse order, i.e. stops and removes the configured containers' services, removes configured secrets and containers, removes rootless user accounts.
Removes rootless user accounts, configured containers, secrets and the containers' unit files. Has a dependency on podman.containers.service.clean.
Stops the configured containers' services.
Commit message formatting is significant!
Please see How to contribute for more details.
pre-commit is configured for this formula, which you may optionally use to ease the steps involved in submitting your changes. First install the pre-commit package manager using the appropriate method, then run bin/install-hooks and now pre-commit will run automatically on each git commit. :
$ bin/install-hooks
pre-commit installed at .git/hooks/pre-commit
pre-commit installed at .git/hooks/commit-msgThere is a script that semi-autodocuments available states: bin/slsdoc.
If a .sls file begins with a Jinja comment, it will dump that into the docs. It can be configured differently depending on the formula. See the script source code for details currently.
This means if you feel a state should be documented, make sure to write a comment explaining it.
Linux testing is done with kitchen-salt.
- Ruby
- Docker
$ gem install bundler
$ bundle install
$ bin/kitchen test [platform]Where [platform] is the platform name defined in kitchen.yml, e.g. debian-9-2019-2-py3.
Creates the docker instance and runs the podman main state, ready for testing.
Runs the inspec tests on the actual instance.
Removes the docker instance.
Runs all of the stages above in one go: i.e. destroy + converge + verify + destroy.
Gives you SSH access to the instance for manual testing.
- better rootless support
#(apt)
rootless:
- dbus-user-session
- slirp4netns
- uidmap
- fuse-overlayfs # kernels < 5.11
#(dnf)
rootless:
- dbus-daemon # dbus-user-session
- slirp4netns
- shadow-utils # uidmap