diff --git a/CHANGELOG.rst b/CHANGELOG.rst index ca7b7e2b..7f94f59c 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,46 @@ Ansible Podman modules and plugins Release Notes .. contents:: Topics +v1.12.0 +======= + +Release Summary +--------------- + +New podman_secret_info module, improvements and bugfixes + +Minor Changes +------------- + +- Add log_opt and annotaion options to podman_play module +- Add option to parse CreateCommand easily for diff calc +- Add support for setting underlying interface in podman_network +- Alias generate systemd options stop_timeout and time +- Fix CI rootfs for podman_container +- Fix broken conmon version in CI install +- Improve security_opt comparison between existing container +- podman_container - Add new arguments to podman status commands +- podman_container - Update env_file to accept a list of files instead of a single file +- podman_secret_info - Add secrets info module + +Bugfixes +-------- + +- Add idempotency for podman_secret module +- Catch exceptions when no JSON output in podman_image +- Fail if systemd generation failed and it's explicitly set +- Fix example name +- Fix idempotency for podman_network +- Fix idempotency when using 0.0.0.0 in ports +- Fix multi-image support for podman_save +- Fix volume inspection by name in podman_volume +- Recreate stopped containers if recreate flag is enabled + +New Modules +----------- + +- containers.podman.podman_secret_info - Secrets info module + v1.11.0 ======= diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index df32454c..05857773 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml 
@@ -227,6 +227,36 @@ releases: minor_changes: - Update docs release_date: '2023-11-05' + 1.12.0: + changes: + bugfixes: + - Add idempotency for podman_secret module + - Catch exceptions when no JSON output in podman_image + - Fail if systemd generation failed and it's explicitly set + - Fix example name + - Fix idempotency for podman_network + - Fix idempotency when using 0.0.0.0 in ports + - Fix multi-image support for podman_save + - Fix volume inspection by name in podman_volume + - Recreate stopped containers if recreate flag is enabled + minor_changes: + - Add log_opt and annotaion options to podman_play module + - Add option to parse CreateCommand easily for diff calc + - Add support for setting underlying interface in podman_network + - Alias generate systemd options stop_timeout and time + - Fix CI rootfs for podman_container + - Fix broken conmon version in CI install + - Improve security_opt comparison between existing container + - podman_container - Add new arguments to podman status commands + - podman_container - Update env_file to accept a list of files instead of a + single file + - podman_secret_info - Add secrets info module + release_summary: New podman_secret_info module, improvements and bugfixes + modules: + - description: Secrets info module + name: podman_secret_info + namespace: '' + release_date: '2024-01-30' 1.2.0: changes: minor_changes: diff --git a/docs/buildah_connection.html b/docs/buildah_connection.html index a20951e7..0d16691d 100644 --- a/docs/buildah_connection.html +++ b/docs/buildah_connection.html @@ -157,6 +157,7 @@
podman_save module – Saves podman image to tar file
podman_secret module – Manage podman secrets
podman_secret_info module – Gather info about podman secrets
podman_tag module – Add an additional name to a local image
podman_volume module – Manage Podman volumes
podman_volume_info module – Gather info about podman volumes
Attach to STDIN, STDOUT or STDERR. The default in Podman is false.
+Choices:
+"stdin"
"stdout"
"stderr"
Path of the authentication file. Default is ``${XDG_RUNTIME_DIR}/containers/auth.json`` (Not available for remote commands) You can also override the default path of the authentication file by setting the ``REGISTRY_AUTH_FILE`` environment variable. ``export REGISTRY_AUTH_FILE=path``
Block IO weight (relative weight) accepts a weight value between 10 and 1000
Block IO weight (relative device weight, format DEVICE_NAME[:]WEIGHT).
cap_add
aliases: capabilities
@@ -114,119 +127,119 @@List of capabilities to add to the container.
List of capabilities to drop from the container.
Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
Path to cgroups under which the cgroup for the container will be created.
Determines whether the container will create CGroups. Valid values are enabled and disabled, which the default being enabled. The disabled option will force the container to not create CGroups, and thus conflicts with CGroup options cgroupns and cgroup-parent.
Write the container ID to the file
Any additional command options you want to pass to podman command itself, for example --log-level=debug
or --syslog
. This is NOT command to run in container, but rather options for podman itself. For container command please use command option.
Override command of container. Can be a string or a list.
Write the pid of the conmon process to a file. conmon runs in a separate process than Podman, so this is necessary when using systemd to restart Podman containers.
Limit the CPU CFS (Completely Fair Scheduler) period
Limit the CPU CFS (Completely Fair Scheduler) quota
Limit the CPU real-time period in microseconds. Limit the container’s Real Time CPU usage. This flag tell the kernel to restrict the container’s Real Time CPU usage to the period you specify.
Limit the CPU real-time runtime in microseconds. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume.
CPU shares (relative weight)
Number of CPUs. The default is 0.0 which means no limit.
CPUs in which to allow execution (0-3, 0,1)
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
Remove selected container and recursively remove all containers that depend on it. Applies to “delete” command.
+Choices:
+false
true
Seconds to wait before forcibly stopping the container. Use -1 for infinite wait. Applies to “delete” command.
+Remove anonymous volumes associated with the container. This does not include named volumes created with podman volume create, or the –volume option of podman run and podman create.
+Choices:
+false
true
Read in a line delimited file of environment variables. Doesn’t support idempotency. If users changes the file with environment variables it’s on them to recreate the container. The file must be present on the REMOTE machine where actual podman is running, not on the controller machine where Ansible is executing. If you need to copy the file from controller to remote machine, use the copy or slurp module.
Force deletion of container when it’s being deleted.
+Choices:
+false
true
← (default)
{}
Add the systemd unit after (After=) option, that ordering dependencies between the list of dependencies and this service.
Set the systemd unit name prefix for containers. The default is “container”.
Specify a path to the directory where unit files will be generated. Required for this option. If it doesn’t exist, the directory will be created.
Set the systemd unit name prefix for pods. The default is “pod”.
Set the systemd unit requires (Requires=) option. Similar to wants, but declares a stronger requirement dependency.
Set the systemd service restartsec value.
Set the systemd unit name separator between the name/id of a container/pod and the prefix. The default is “-” (dash).
Override the default start timeout for the container with the given value.
Override the default stop timeout for the container with the given value.
-Override the default stop timeout for the container with the given value.
+Override the default stop timeout for the container with the given value. Called `time` before version 4.
Seconds to wait before forcibly stopping the container when restarting. Use -1 for infinite wait. Applies to “restarted” status.
+rm
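Review bot: In the added stop timeout description ("Called `time` before version 4."), "version 4" does not say what it is a version of, so a reader cannot tell whether it means the Podman release or the collection release. Name the product explicitly. Since the changelog entry for this release reads "Alias generate systemd options stop_timeout and time", the description should also state that both names are accepted.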
@@ -1009,7 +1069,7 @@Determines how to use the NOTIFY_SOCKET, as passed with systemd and Type=notify. Can be container, conmon, ignore.
Add the named secrets into the container. The format is secret[,opt=opt...]
, see documentation for more details.
Security Options. For example security_opt “seccomp=unconfined”
Size of /dev/shm. The format is <number><unit>. number must be greater than 0. Unit is optional and can be b (bytes), k (kilobytes), m(megabytes), or g (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses 64m
Signal to stop a container. Default is SIGTERM.
Seconds to wait before forcibly stopping the container. Use -1 for infinite wait. Applies to “stopped” status.
+stop_timeout
integer
@@ -1244,7 +1311,7 @@For bridge, it uses the bridge interface name. For macvlan, it is the parent device on the host (it is the same as ‘opt.parent’)
+Allocate container IP from range
Create a Macvlan connection based on this device
Name of the network
Add network options. Currently ‘vlan’ and ‘mtu’ are supported.
Sets the Route Metric for the default route created in every container joined to this network. Can only be used with the Netavark network backend.
This option sets the specified ip/macvlan mode on the interface.
MTU size for bridge network interface.
The host device which should be used for the macvlan interface. Defaults to the default route interface.
+The host device which should be used for the macvlan interface (it is the same as ‘interface’ in that case). Defaults to the default route interface.
VLAN tag for bridge which enables vlan_filtering.
Add an annotation to the container or pod.
+Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json, which is set using podman login. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login. Note - You can also override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. export REGISTRY_AUTH_FILE=path
Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. Default certificates directory is /etc/containers/certs.d. (This option is not available with the remote Podman client)
Use Kubernetes configmap YAML at path to provide a source for environment variable values within the containers of the pod. Note - The configmap option can be used multiple times to pass multiple Kubernetes configmap YAMLs
Use path as the build context directory for each image. Requires build option be true.
"podman"
Path to file with YAML configuration for a Pod.
Set logging driver for all created containers.
Logging driver specific options. Set custom logging configuration.
+Specify a max size of the log file (e.g 10mb).
+specify a path to the log file (e.g. /var/log/container/mycontainer.json).
+specify a custom log tag for the container. This option is currently supported only by the journald log driver in Podman.
+List of the names of CNI networks the pod should join.
The username and password to use to authenticate with the registry if required.
Directory path for seccomp profiles (default is “/var/lib/kubelet/seccomp”). This option is not available with the remote Podman client
The username and password to use to authenticate with the registry if required.
Override the default stop timeout for the container with the given value.
+Override the default stop timeout for the container with the given value. Called `time` before version 4.
Override the default stop timeout for the container with the given value.
-Add the systemd unit wants (Wants=) option, that this service is (weak) dependent on.
GID map for the user namespace. Using this flag will run the container with user namespace enabled. It conflicts with the `userns` and `subgidname` flags.
Set a hostname to the pod
The command that will be run to start the infra container. Default is “/pause”.
Write the pid of the infra container’s conmon process to a file. As conmon runs in a separate process than Podman, this is necessary when using systemd to manage Podman containers and pods.
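Review bot: In the podman_network part of this hunk, two option descriptions now point at each other without saying how they interact. The text beginning "For bridge, it uses the bridge interface name" says the value "is the same as ‘opt.parent’", and the added parent text says it "is the same as ‘interface’ in that case". Neither says what happens when both are set to different values. Document which one takes precedence, or state that the combination is rejected.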
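Review bot: In the CHANGELOG.rst hunk at the top of the patch, the Minor Changes entry "Add log_opt and annotaion options to podman_play module" misspells "annotation". The same typo is repeated in the minor_changes list of changelogs/changelog.yaml, so it needs fixing in both files. Also consider whether "Fix CI rootfs for podman_container" and "Fix broken conmon version in CI install" belong under minor changes in user-facing release notes, since both describe CI fixes.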