Podman et compilation croisee¶

podman_enabled: true
podman_rootless: true
podman_registries:
  - docker.io
  - ghcr.io
podman_test_user: "vdi-user"

---
- name: Installer Podman
  ansible.builtin.package:
    name: "{{ podman_package }}"
    state: present

- name: Installer les outils complementaires
  ansible.builtin.package:
    name:
      - slirp4netns
      - fuse-overlayfs
    state: present
  when: podman_rootless

- name: Configurer les registries
  ansible.builtin.template:
    src: registries.conf.j2
    dest: /etc/containers/registries.conf
    mode: '0644'

- name: Activer le linger pour l'utilisateur (rootless)
  ansible.builtin.command:
    cmd: "loginctl enable-linger {{ podman_test_user }}"
  changed_when: true
  when: podman_rootless

- name: Configurer les subuid/subgid pour rootless
  ansible.builtin.lineinfile:
    path: "{{ item }}"
    line: "{{ podman_test_user }}:100000:65536"
    create: true
    mode: '0644'
  loop:
    - /etc/subuid
    - /etc/subgid
  when: podman_rootless

- name: Validation du role
  ansible.builtin.include_tasks: validate.yml
  tags: [validate]

---
# --- Niveau 1 : technique ---
- name: "Assert : Podman installe"
  ansible.builtin.command: podman --version
  changed_when: false

# --- Niveau 2 : cas d'usage ---
- name: "Assert : Un utilisateur non-root peut lancer un conteneur"
  ansible.builtin.command: podman run --rm alpine echo ok
  become: true
  become_user: "{{ podman_test_user }}"
  changed_when: false
  when: podman_rootless

- name: "Assert : Les registries configures sont accessibles"
  ansible.builtin.command: "podman search --limit 1 {{ item }}/alpine"
  loop: "{{ podman_registries }}"
  changed_when: false

- name: "Assert : Build multi-arch arm64 fonctionne"
  ansible.builtin.shell: |
    echo 'FROM alpine' | podman build --platform linux/arm64 -t test-qemu -f - .
    podman rmi test-qemu
  changed_when: false
  when: qemu_user_static | default(false)

qemu_enabled: true
qemu_user_static: true
qemu_system: false

---
- name: Installer qemu-user-static
  ansible.builtin.package:
    name: "{{ qemu_user_static_package }}"
    state: present
  when: qemu_user_static

- name: Installer binfmt-support (Ubuntu)
  ansible.builtin.apt:
    name: binfmt-support
    state: present
  when: qemu_user_static and ansible_os_family == "Debian"

- name: Activer binfmt_misc
  ansible.builtin.systemd:
    name: systemd-binfmt
    state: restarted
  when: qemu_user_static

- name: Installer qemu-system
  ansible.builtin.package:
    name:
      - qemu-system-x86
      - qemu-system-arm
    state: present
  when: qemu_system

- name: Validation du role
  ansible.builtin.include_tasks: validate.yml
  tags: [validate]

---
# --- Niveau 1 : technique ---
- name: "Assert : qemu-user-static installe"
  ansible.builtin.command: which qemu-aarch64-static
  changed_when: false
  when: qemu_user_static

- name: "Assert : qemu-system installe"
  ansible.builtin.command: which qemu-system-x86_64
  changed_when: false
  when: qemu_system

# --- Niveau 2 : cas d'usage ---
- name: "Assert : binfmt_misc enregistre pour arm64"
  ansible.builtin.stat:
    path: /proc/sys/fs/binfmt_misc/qemu-aarch64
  register: binfmt_result
  failed_when: not binfmt_result.stat.exists
  when: qemu_user_static

- name: "Assert : Execution cross-arch fonctionne"
  ansible.builtin.shell: |
    podman run --rm --platform linux/arm64 alpine uname -m | grep aarch64
  changed_when: false
  when: qemu_user_static and podman_enabled | default(false)

- name: "Assert : qemu-system peut demarrer une VM (dry-run)"
  ansible.builtin.command: >
    qemu-system-x86_64 -machine help
  changed_when: false
  when: qemu_system