Add new options to pod module (#745)

Fix #742

Signed-off-by: Sagi Shnaidman <[email protected]>

plugins/module_utils/podman/podman_pod_lib.py

@@ -43,13 +43,15 @@
     dns_search=dict(type='list', elements='str', required=False),
     generate_systemd=dict(type='dict', default={}),
     gidmap=dict(type='list', elements='str', required=False),
+    gpus=dict(type='str', required=False),
     hostname=dict(type='str', required=False),
     infra=dict(type='bool', required=False),
     infra_conmon_pidfile=dict(type='str', required=False),
     infra_command=dict(type='str', required=False),
     infra_image=dict(type='str', required=False),
     infra_name=dict(type='str', required=False),
     ip=dict(type='str', required=False),
+    ip6=dict(type='str', required=False),
     label=dict(type='dict', required=False),
     label_file=dict(type='str', required=False),
     mac_address=dict(type='str', required=False),
@@ -67,13 +69,20 @@
     quadlet_dir=dict(type='path'),
     quadlet_filename=dict(type='str'),
     quadlet_options=dict(type='list', elements='str'),
+    security_opt=dict(type='list', elements='str', required=False),
     share=dict(type='str', required=False),
+    share_parent=dict(type='bool', required=False),
+    shm_size=dict(type='str', required=False),
+    shm_size_systemd=dict(type='str', required=False),
     subgidname=dict(type='str', required=False),
     subuidname=dict(type='str', required=False),
+    sysctl=dict(type='dict', required=False),
     uidmap=dict(type='list', elements='str', required=False),
     userns=dict(type='str', required=False),
+    uts=dict(type='str', required=False),
     volume=dict(type='list', elements='str', aliases=['volumes'],
                 required=False),
+    volumes_from=dict(type='list', elements='str', required=False),
     executable=dict(type='str', required=False, default='podman'),
     debug=dict(type='bool', default=False),
 )
@@ -213,6 +222,9 @@ def addparam_gidmap(self, c):
             c += ['--gidmap', gidmap]
         return c
 
+    def addparam_gpus(self, c):
+        return c + ['--gpus', self.params['gpus']]
+
     def addparam_hostname(self, c):
         return c + ['--hostname', self.params['hostname']]
 
@@ -236,6 +248,9 @@ def addparam_infra_name(self, c):
     def addparam_ip(self, c):
         return c + ['--ip', self.params['ip']]
 
+    def addparam_ip6(self, c):
+        return c + ['--ip6', self.params['ip6']]
+
     def addparam_label(self, c):
         for label in self.params['label'].items():
             c += ['--label', b'='.join(
@@ -285,15 +300,36 @@ def addparam_publish(self, c):
             c += ['--publish', g]
         return c
 
+    def addparam_security_opt(self, c):
+        for g in self.params['security_opt']:
+            c += ['--security-opt', g]
+        return c
+
     def addparam_share(self, c):
         return c + ['--share', self.params['share']]
 
+    def addparam_share_parent(self, c):
+        if self.params['share_parent'] is not None:
+            return c + ['--share-parent=%s' % self.params['share_parent']]
+        return c
+
+    def addparam_shm_size(self, c):
+        return c + ['--shm-size=%s' % self.params['shm_size']]
+
+    def addparam_shm_size_systemd(self, c):
+        return c + ['--shm-size-systemd=%s' % self.params['shm_size_systemd']]
+
     def addparam_subgidname(self, c):
         return c + ['--subgidname', self.params['subgidname']]
 
     def addparam_subuidname(self, c):
         return c + ['--subuidname', self.params['subuidname']]
 
+    def addparam_sysctl(self, c):
+        for k, v in self.params['sysctl'].items():
+            c += ['--sysctl', "%s=%s" % (k, v)]
+        return c
+
     def addparam_uidmap(self, c):
         for uidmap in self.params['uidmap']:
             c += ['--uidmap', uidmap]
@@ -302,12 +338,20 @@ def addparam_uidmap(self, c):
     def addparam_userns(self, c):
         return c + ['--userns', self.params['userns']]
 
+    def addparam_uts(self, c):
+        return c + ['--uts', self.params['uts']]
+
     def addparam_volume(self, c):
         for vol in self.params['volume']:
             if vol:
                 c += ['--volume', vol]
         return c
 
+    def addparam_volumes_from(self, c):
+        for vol in self.params['volumes_from']:
+            c += ['--volumes-from', vol]
+        return c
+
 
 class PodmanPodDefaults:
     def __init__(self, module, podman_version):

plugins/module_utils/podman/quadlet.py

@@ -416,6 +416,8 @@ def custom_prepare_params(self, params: dict) -> dict:
         if params["gidmap"]:
             for gidmap in params["gidmap"]:
                 params["podman_args"].append(f"--gidmap {gidmap}")
+        if params["gpus"]:
+            params["podman_args"].append(f"--gpus {params['gpus']}")
         if params["hostname"]:
             params["podman_args"].append(f"--hostname {params['hostname']}")
         if params["infra"]:
@@ -430,6 +432,8 @@ def custom_prepare_params(self, params: dict) -> dict:
             params["podman_args"].append(f"--infra-name {params['infra_name']}")
         if params["ip"]:
             params["podman_args"].append(f"--ip {params['ip']}")
+        if params["ip6"]:
+            params["podman_args"].append(f"--ip6 {params['ip6']}")
         if params["label"]:
             for label, label_v in params["label"].items():
                 params["podman_args"].append(f"--label {label}={label_v}")
@@ -447,17 +451,34 @@ def custom_prepare_params(self, params: dict) -> dict:
             params["podman_args"].append(f"--pid {params['pid']}")
         if params["pod_id_file"]:
             params["podman_args"].append(f"--pod-id-file {params['pod_id_file']}")
+        if params["security_opt"]:
+            for security_opt in params["security_opt"]:
+                params["podman_args"].append(f"--security-opt {security_opt}")
         if params["share"]:
             params["podman_args"].append(f"--share {params['share']}")
+        if params["share_parent"] is not None:
+            params["podman_args"].append(f"--share-parent={str(params['share_parent']).lower()}")
+        if params["shm_size"]:
+            params["podman_args"].append(f"--shm-size {params['shm_size']}")
+        if params["shm_size_systemd"]:
+            params["podman_args"].append(f"--shm-size-systemd {params['shm_size_systemd']}")
         if params["subgidname"]:
             params["podman_args"].append(f"--subgidname {params['subgidname']}")
         if params["subuidname"]:
             params["podman_args"].append(f"--subuidname {params['subuidname']}")
+        if params["sysctl"]:
+            for k, v in params["sysctl"].items():
+                params["podman_args"].append(f"--sysctl {k}={v}")
         if params["uidmap"]:
             for uidmap in params["uidmap"]:
                 params["podman_args"].append(f"--uidmap {uidmap}")
         if params["userns"]:
             params["podman_args"].append(f"--userns {params['userns']}")
+        if params["uts"]:
+            params["podman_args"].append(f"--uts {params['uts']}")
+        if params["volumes_from"]:
+            for volume in params["volumes_from"]:
+                params["podman_args"].append(f"--volumes-from {volume}")
         if params["debug"]:
             params["global_args"].append("--log-level debug")
 

plugins/modules/podman_pod.py

@@ -227,6 +227,11 @@
     elements: str
     required: false
     type: list
+  gpus:
+    description:
+    - GPU devices to add to the container ('all' to pass all GPUs).
+    type: str
+    required: false
   hostname:
     description:
     - Set a hostname to the pod
@@ -266,6 +271,11 @@
     - Set a static IP for the pod's shared network.
     type: str
     required: false
+  ip6:
+    description:
+    - Set a static IPv6 for the pod's shared network.
+    type: str
+    required: false
   label:
     description:
     - Add metadata to a pod, pass dictionary of label keys and values.
@@ -357,13 +367,43 @@
         options as a list of lines to add.
     type: list
     elements: str
+  security_opt:
+    description:
+    - Security options for the pod.
+    type: list
+    elements: str
+    required: false
   share:
     description:
     - A comma delimited list of kernel namespaces to share. If none or "" is specified,
       no namespaces will be shared. The namespaces to choose from are ipc, net, pid,
       user, uts.
     type: str
     required: false
+  share_parent:
+    description:
+    - This boolean determines whether or not all containers entering the pod use the pod as their cgroup parent.
+      The default value of this option in Podman is true.
+    type: bool
+    required: false
+  shm_size:
+    description:
+    - Set the size of the /dev/shm shared memory space.
+      A unit can be b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes).
+      If the unit is omitted, the system uses bytes.
+      If the size is omitted, the default is 64m.
+      When size is 0, there is no limit on the amount of memory used for IPC by the pod.
+    type: str
+    required: false
+  shm_size_systemd:
+    description:
+    - Size of systemd-specific tmpfs mounts such as /run, /run/lock, /var/log/journal and /tmp.
+      A unit can be b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes).
+      If the unit is omitted, the system uses bytes.
+      If the size is omitted, the default is 64m.
+      When size is 0, the usage is limited to 50 percents of the host's available memory.
+    type: str
+    required: false
   subgidname:
     description:
     - Name for GID map from the /etc/subgid file. Using this flag will run the container
@@ -377,6 +417,11 @@
       This flag conflicts with `userns` and `uidmap`.
     required: false
     type: str
+  sysctl:
+    description:
+    - Set kernel parameters for the pod.
+    type: dict
+    required: false
   uidmap:
     description:
     - Run the container in a new user namespace using the supplied mapping.
@@ -393,6 +438,11 @@
       An empty value ("") means user namespaces are disabled.
     required: false
     type: str
+  uts:
+    description:
+    - Set the UTS namespace mode for the pod.
+    required: false
+    type: str
   volume:
     description:
     - Create a bind mount.
@@ -401,6 +451,12 @@
     elements: str
     required: false
     type: list
+  volumes_from:
+    description:
+    - Mount volumes from the specified container.
+    elements: str
+    required: false
+    type: list
   executable:
     description:
     - Path to C(podman) executable if it is not in the C($PATH) on the

tests/integration/targets/podman_pod/tasks/main.yml

@@ -1010,6 +1010,8 @@
         subuidname: username1
         userns: auto
         publish: 8000:8001
+        sysctl:
+          "net.ipv4.ip_forward": 1
         add_host:
           - host1
         volume:
@@ -1052,6 +1054,7 @@
         - "PodmanArgs=--subuidname username1"
         - "PodmanArgs=--userns auto"
         - "PodmanArgs=--add-host host1"
+        - "PodmanArgs=--sysctl net.ipv4.ip_forward=1"
         - "Label=somelabel=labelvalue"
         - "WantedBy=default.target"
       loop_control:
@@ -1075,6 +1078,8 @@
         subuidname: username1
         userns: auto
         publish: 8000:8001
+        sysctl:
+          "net.ipv4.ip_forward": 1
         add_host:
           - host1
         volume:
@@ -1103,6 +1108,8 @@
         subuidname: username1
         userns: auto
         publish: 8000:8001
+        sysctl:
+          "net.ipv4.ip_forward": 1
         add_host:
           - host1
         volume:

tests/integration/targets/podman_pod/tasks/resource-limit.yml

@@ -8,6 +8,7 @@
         cpuset_mems: '0-1'
         cpu_shares: 1024
         device_write_bps: ['/dev/zero:1048576']
+        shm_size: 1G
 
   - name: Create pod for limiting resources
     containers.podman.podman_pod:
@@ -18,6 +19,7 @@
       cpuset_mems: "{{ limit.cpuset_mems }}"
       cpu_shares: "{{ limit.cpu_shares }}"
       device_write_bps: "{{ limit.device_write_bps }}"
+      shm_size: "{{ limit.shm_size }}"
 
   - name: Get information on pod for limiting resources
     containers.podman.podman_pod_info: