Add security related podman options

These options can be used instead of the --privileged option with
some containerised services in TripleO.

Change-Id: If1d97e5f1697fdc1d6a7b845cf116d54b1897245
(cherry picked from commit fbacb3752f)
Grzegorz Grasza 2020-05-22 16:28:11 +02:00 committed by Emilien Macchi
parent a3dc676d6b
commit 3bfbb34d71
1 changed files with 3 additions and 0 deletions


@ -35,6 +35,7 @@
loop_control:
loop_var: container_data
podman_container:
annotation: "{{ lookup('dict', container_data).value.annotation | default(omit) }}"
cap_add: "{{ lookup('dict', container_data).value.cap_add | default(omit) }}"
cap_drop: "{{ lookup('dict', container_data).value.cap_drop | default(omit) }}"
command: "{{ lookup('dict', container_data).value.command | default(omit) }}"
@ -43,6 +44,7 @@
# cpuset_cpus: "{{ lookup('dict', container_data).value.cpuset_cpus | default(omit) }}"
debug: true
detach: "{{ lookup('dict', container_data).value.detach | default(true) }}"
device: "{{ lookup('dict', container_data).value.device | default(omit) }}"
entrypoint: "{{ lookup('dict', container_data).value.entrypoint | default(omit) }}"
env: "{{ lookup('dict', container_data).value.environment | default(omit) }}"
env_file: "{{ lookup('dict', container_data).value.env_file | default(omit) }}"
@ -71,6 +73,7 @@
state: present
stop_signal: "{{ lookup('dict', container_data).value.stop_signal | default(omit) }}"
stop_timeout: "{{ lookup('dict', container_data).value.stop_grace_period | default(omit) | int }}"
sysctl: "{{ lookup('dict', container_data).value.sysctl | default(omit) }}"
tty: "{{ lookup('dict', container_data).value.tty | default(false) }}"
ulimit: "{{ lookup('dict', container_data).value.ulimit | default(omit) }}"
user: "{{ lookup('dict', container_data).value.user | default(omit) }}"
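Review bot: The `device` and `sysctl` values in the second and third hunks are passed to `podman_container` exactly as they appear in `container_data`, and nothing in the task says what they are for or how they relate to `privileged`. The `+` markers are lost on this page, so which three lines are new is inferred from the commit title and their position in each hunk. Because the stated goal is to replace `--privileged`, these options reduce privilege only when the container definition also stops setting `privileged` and keeps its entries minimal; a broad host device mapping, or a sysctl set in a container that shares a host namespace, can give back much of what was removed. I would add a comment above the options such as `# cap_add/cap_drop/device/sysctl replace privileged: true; list only what the service needs`, and consider a preceding assert that rejects a definition combining `privileged: true` with these keys. The task body starts and ends outside the hunks shown.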