On 6/15/23 02:47, Johannes Kastl wrote:
 Hi Chris,
 
 On 05.06.23 at 16:51 Chris Evich wrote:
 
> 2. The playbook configures `quadlet` for `systemd` management of a 
> configuration (podman) volume and a pod with several containers in it 
> running services.
 
 Any reason for using quadlet via template instead of the 
 containers.podman collection? Not sure if that solves the issue, but as 
 quadlet is only a podman->systemd translator, you can get the same using 
 ansible and containers.podman.
 
 And: My first idea would have been to use a handler to restart the 
 systemd user services. Or is this what you mean by "restarting the pod"?

Re: `containers.podman` vs quadlet: Simply because if the container host 
restarts or a container crashes unexpectedly, quadlet+systemd can ensure 
pods come back up.  I considered using cron + Ansible pull, but that 
seemed slightly more complex/fragile.

Re: Use handler: Yeah, the handler uses systemd to restart services 
(generated by quadlet).  The main problem is handlers run on change. 
But because user-namespaces are in play, Ansible's template module 
(rendering config files into podman volumes) always thinks there's a 
"change" (i.e. in file or directory ownership) even if there isn't.

I still haven't tried (since it seems really really hacky) setting 
`ansible_python_interpreter` to a wrapper script that execs `podman 
unshare /usr/bin/python3 "$@"`.  In theory this would work for Ansible 
`template` tasks, as the config files would be rendered INSIDE the 
user-namespace rather than outside.

The only other idea I could come up with was to have a kind of 
secondary, conditional handler.  Whereby an initial set of listening 
handlers updates the templated files (in the podman volume) with the 
correct UID/GID.  Another one gathers a hash of the volume contents, 
then a final conditional handler only does the pod restart if the hashed 
contents have changed WRT a hash gathered prior to the original template 
task.  This seems way too complex :S
---
Chris Evich (he/him), RHCA III
Senior Quality Assurance Engineer
If it ain't broke, your hammer isn't wide 'nough.
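
The volume-content hash that the last idea in the message above depends on, as an added example that is not part of the original e-mail or of any project's code: the digest covers relative paths, mode bits and file contents but leaves out owner, group and timestamps, so an ownership remap alone does not register as a change. The names `volume_digest` and `restart_needed` are hypothetical, and the sketch assumes it runs where the volume's files are readable (for instance under `podman unshare`).

```python
import hashlib
import os
import stat
import sys


def volume_digest(root):
    """SHA-256 over path, mode and contents of everything under root.

    st_uid, st_gid and timestamps are deliberately left out, so a
    UID/GID remap caused by the user namespace does not alter the digest.
    """
    digest = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # fixed traversal order keeps the digest reproducible
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            info = os.lstat(path)  # lstat: never follow symlinks out of the volume
            is_file = stat.S_ISREG(info.st_mode)
            size = info.st_size if is_file else 0
            rel = os.path.relpath(path, root)
            # st_mode carries both the file type and the permission bits
            header = "%s\0%o\0%d\0" % (rel, info.st_mode, size)
            digest.update(header.encode("utf-8", "surrogateescape"))
            if stat.S_ISLNK(info.st_mode):
                target = os.readlink(path)
                digest.update(target.encode("utf-8", "surrogateescape"))
            elif is_file:
                with open(path, "rb") as handle:
                    for chunk in iter(lambda: handle.read(65536), b""):
                        digest.update(chunk)
            digest.update(b"\0")
    return digest.hexdigest()


def restart_needed(digest_before, root):
    """True only when the volume differs from the digest taken earlier."""
    return volume_digest(root) != digest_before


if __name__ == "__main__":
    # Usage: script.py VOLUME_DIR  -> prints the digest for a task to register
    print(volume_digest(sys.argv[1]))
```

A play would record the digest before the template tasks and compare it afterwards, restarting the pod only when the two values differ.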