issue with containers.podman.podman_container on the 'user' attribute

[avnav0]

when i create a container with an argument for 'users' i get the following error:

fatal: [gitlab_dev]: FAILED! => {"changed": false, "msg": "Can't run container nginx.main", "stderr": "Error: unable to find user admin: no matching entries in passwd file\n", "stderr_lines": ["Error: unable to find user admin: no matching entries in passwd file"], "stdout": "", "stdout_lines": []}

here is my playbook:

---
- name: Setup Nginx as the webserver (in a container)
  hosts: all
  
  tasks:
    # -- NGINX -- #
    # volumes are needed in order to make adjustments to configs easier
    - name: 1. Setup a volumes location for the nginx container.
      file:
        path: "{{ item }}"
        state: directory
        #TODO: make this more secure
        mode: "0770"
        owner: admin
        group: admin
      loop:
        - /home/admin/_volumes/nginx
        - /home/admin/_volumes/nginx/sites
    
    - name: 2. Pull the appropriate nginx image
      containers.podman.podman_image:
        name: docker.io/library/nginx:1.23.2
    
    - name: 3. Create a temporary nginx container to copy config files from
      containers.podman.podman_container:
        name: nginx.vols
        image: docker.io/library/nginx:1.23.2
        state: started
        
    # the following is done in a shell script because there is no module for podman cp
    - name: 4. copy config files from temp nginx container into volumes dir
      shell: | 
        cont_num=$(podman ps -aqf "name=nginx.vols")
        podman cp $cont_num:/etc/nginx/. /home/admin/_volumes/nginx
        podman stop nginx.vols && podman rm nginx.vols
      args:
        executable: /bin/bash
        
    # needs refactoring using variables or something
    - name: 5. update the nginx config with host IP
      shell: | 
        # Get the IP address
        HOST_IP=$(hostname -I | awk '{print $1}')

        # Create the nginx configuration file
        NGINX=$(cat << EOF
        server {
            listen       8080;
            server_name  $HOST_IP;

            #access_log  /var/log/nginx/host.access.log  main;

            location / {
                root   /usr/share/nginx/html;
                index  index.html index.htm;
            }

            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   /usr/share/nginx/html;
            }
        }
        EOF
        )
        echo "$NGINX" > /home/admin/_volumes/nginx/conf.d/default.conf
      args:
        executable: /bin/bash

    - name: 6. drop any nginx container previously setup
      containers.podman.podman_container:
        name: nginx.main
        image: docker.io/library/nginx:1.23.2
        state: absent

# NOTE: tried this, but the 'user' param leads to an error!
    - name: 7. setup Nginx container to serve via port 80
      containers.podman.podman_container:
        name: nginx.main
        image: docker.io/library/nginx:1.23.2
        user: "admin"
        ports:
          - "0.0.0.0:8081:8080"
          - "0.0.0.0:4431:4430"
        volumes:
          - /home/admin/_volumes/nginx:/etc/nginx \
          - /home/admin/_volumes/nginx/sites:/usr/share/nginx/html \
        restart_policy: always
        state: started

tried it with: user: admin also.

if i don't set users to 'admin', then the volumes won't work, because the permissions on the files on the host are set to 0770.

maybe i'm missing something? thanks!

[avnav0]

tried it with user: host does not work, same error.

but this works:

        
        podman stop nginx.main -f > /dev/null 2>&1
        podman rm nginx.main -f > /dev/null 2>&1
        podman run --name nginx.main \
        --user host \
        -p 0.0.0.0:8081:8080 -p 0.0.0.0:4431:4430 \
        --restart always \
        -v /home/admin/_volumes/nginx:/etc/nginx \
        -v /home/admin/_volumes/nginx/sites:/usr/share/nginx/html \
        nginx:1.23.2

[milohb]

I experienced the same error, but could work around by using the uid.

[sshnaidm]

I suppose it has nothing to do with Ansible collection.