+ |
Path of the authentication file. Default is ``${XDG_RUNTIME_DIR}/containers/auth.json`` (Not available for remote commands) You can also override the default path of the authentication file by setting the ``REGISTRY_AUTH_FILE`` environment variable. ``export REGISTRY_AUTH_FILE=path``
|
-
+ |
Block IO weight (relative weight) accepts a weight value between 10 and 1000
|
-
+
blkio_weight_device
dictionary
|
Block IO weight (relative device weight, format DEVICE_NAME[:]WEIGHT).
|
-
+
cap_add
aliases: capabilities
@@ -127,13 +134,20 @@ |
-
+
cap_drop
list / elements=string
|
List of capabilities to drop from the container.
|
+
+ cgroup_conf
+ dictionary
+ |
+When running on cgroup v2, specify the cgroup file to write to and its value.
+ |
+
cgroup_parent
path
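Review bot: The new cgroup_conf description gives no example of a dictionary entry. It says to "specify the cgroup file to write to and its value" but shows neither a sample key and value nor what happens on a host that is not running cgroup v2. Add one example entry, and state how a value written this way interacts with the dedicated resource options documented next to it, such as blkio_weight.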
@@ -156,90 +170,97 @@ |
|
+Path to a directory inside the container that is treated as a chroot directory.
+ |
+
+ |
Write the container ID to the file
|
-
+
cmd_args
list / elements=string
|
Any additional command options you want to pass to podman command itself, for example --log-level=debug or --syslog . This is NOT command to run in container, but rather options for podman itself. For container command please use command option.
|
-
+ |
Override command of container. Can be a string or a list.
|
-
+ |
Write the pid of the conmon process to a file. conmon runs in a separate process than Podman, so this is necessary when using systemd to restart Podman containers.
|
-
+ |
Limit the CPU CFS (Completely Fair Scheduler) period
|
-
+ |
Limit the CPU CFS (Completely Fair Scheduler) quota
|
-
+ |
Limit the CPU real-time period in microseconds. Limit the container’s Real Time CPU usage. This flag tell the kernel to restrict the container’s Real Time CPU usage to the period you specify.
|
-
+ |
Limit the CPU real-time runtime in microseconds. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume.
|
-
+ |
CPU shares (relative weight)
|
-
+ |
Number of CPUs. The default is 0.0 which means no limit.
|
-
+ |
CPUs in which to allow execution (0-3, 0,1)
|
-
+ |
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
|
-
+ |
@@ -251,6 +272,13 @@
+
+ decryption_key
+ string
+ |
+The “key-passphrase” to be used for decryption of images. Key can point to keys and/or certificates.
+ |
+
delete_depend
boolean
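Review bot: decryption_key carries secret material, but the description does not say what form the value takes or how it is handled. The text calls it the "key-passphrase" and adds that it "can point to keys and/or certificates", which leaves open whether the string is a path, a path plus a passphrase, or the passphrase itself. Spell out the accepted format, and state whether the value is kept out of module output and logs so users know whether the task needs no_log.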
@@ -309,34 +337,41 @@ |
+ device_cgroup_rule
+ string
+ |
+Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation admin-guide/cgroup-v1/devices.
+ |
+
+
device_read_bps
list / elements=string
|
Limit read rate (bytes per second) from a device (e.g. device-read-bps /dev/sda:1mb)
|
-
+
device_read_iops
list / elements=string
|
Limit read rate (IO per second) from a device (e.g. device-read-iops /dev/sda:1000)
|
-
+
device_write_bps
list / elements=string
|
Limit write rate (bytes per second) to a device (e.g. device-write-bps /dev/sda:1mb)
|
-
+
device_write_iops
list / elements=string
|
Limit write rate (IO per second) to a device (e.g. device-write-iops /dev/sda:1000)
|
-
+
dns
aliases: dns_servers
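Review bot: device_cgroup_rule is documented only by reference to the kernel docs, with no sample rule, while the device_read_bps and device_write_iops entries directly below it each carry an inline "e.g.". Each rule adds to the list of devices the container is allowed to use, so the format should be unambiguous on this page: add one example, note that the type is a single string while the neighbouring device options are lists, and say whether the cgroup-v1 devices format cited here also applies on cgroup v2 hosts, given that cgroup_conf is described for cgroup v2.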
@@ -345,7 +380,7 @@ |
-
+
dns_option
aliases: dns_opts
@@ -354,7 +389,7 @@ |
-
+
dns_search
aliases: dns_search_domains
@@ -363,21 +398,21 @@ |
-
+ |
Overwrite the default ENTRYPOINT of the image
|
-
+ |
Set environment variables. This option allows you to specify arbitrary environment variables that are available for the process that will be launched inside of the container.
|
-
+
env_file
aliases: env_files
@@ -386,7 +421,7 @@ |
-
+ |
@@ -398,6 +433,13 @@
+ |
+Preprocess default environment variables for the containers
+ |
+
etc_hosts
@@ -592,6 +634,13 @@ |
|
+GPU devices to add to the container.
+ |
+
+
group_add
aliases: groups
@@ -600,16 +649,62 @@ |
+ |
+Customize the entry that is written to the /etc/group file within the container when –user is used.
+ |
+
- healthcheck
- string
+ health_startup_cmd
+ string
|
-Set or alter a healthcheck command for a container.
+ Set a startup healthcheck command for a container.
+ |
+ |
+
+ health_startup_interval
+ string
+ |
+Set an interval for the startup healthcheck.
+ |
+
+
+ health_startup_retries
+ integer
+ |
+The number of attempts allowed before the startup healthcheck restarts the container. If set to 0, the container is never restarted. The default is 0.
|
- healthcheck_failure_action
- string
+ health_startup_success
+ integer
+ |
+The number of successful runs required before the startup healthcheck succeeds and the regular healthcheck begins. A value of 0 means that any success begins the regular healthcheck. The default is 0.
+ |
+
+
+ health_startup_timeout
+ string
+ |
+The maximum time a startup healthcheck command has to complete before it is marked as failed.
+ |
+
+
+
+ healthcheck
+ aliases: health_cmd
+ string
+ |
+Set or alter a healthcheck command for a container.
+ |
+
+
+
+ healthcheck_failure_action
+ aliases: health_on_failure
+ string
|
The action to be taken when the container is considered unhealthy. The action must be one of “none”, “kill”, “restart”, or “stop”. The default policy is “none”.
Choices:
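Review bot: health_startup_interval and health_startup_timeout give neither a value format nor a default, while the existing healthcheck_interval and healthcheck_timeout entries state both (default "30s", and a time format such as 1m22s). Add the same details here. health_startup_retries also says that 0 means the container is never restarted and that 0 is the default, so with defaults a failing startup healthcheck never restarts the container; state what does happen in that case.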
@@ -621,48 +716,63 @@ |
-
- healthcheck_interval
- string
+
+
+ healthcheck_interval
+ aliases: health_interval
+ string
|
Set an interval for the healthchecks (a value of disable results in no automatic timer setup) (default “30s”)
|
-
- healthcheck_retries
- integer
+
+
+ healthcheck_retries
+ aliases: health_retries
+ integer
|
The number of retries allowed before a healthcheck is considered to be unhealthy. The default value is 3.
|
-
- healthcheck_start_period
- string
+
+
+ healthcheck_start_period
+ aliases: health_start_period
+ string
|
The initialization time needed for a container to bootstrap. The value can be expressed in time format like 2m3s. The default value is 0s
|
-
- healthcheck_timeout
- string
+
+
+ healthcheck_timeout
+ aliases: health_timeout
+ string
|
The maximum time allowed to complete the healthcheck before an interval is considered failed. Like start-period, the value can be expressed in a time format such as 1m22s. The default value is 30s
|
-
+
hooks_dir
list / elements=string
|
Each .json file in the path configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see oci-hooks(5). Can be set multiple times.
|
-
+ |
Container host name. Sets the container host name that is available inside the container.
|
+ |
+Add a user account to /etc/passwd from the host to the container. The Username or UID must exist on the host system.
+ |
+
http_proxy
boolean
@@ -721,13 +831,25 @@ |
|
+(Pods only). When using pods, create an init style container, which is run after the infra container is started but before regular pod containers are started.
+ Choices:
+
+ |
+
+ |
Path to the container-init binary.
|
-
+ |
@@ -739,13 +861,20 @@
-
+ |
Specify a static IP address for the container, for example ‘10.88.64.128’. Can only be used if no additional CNI networks to join were specified via ‘network:’, and if the container is not joining another container’s network namespace via ‘network container:<name|id>’. The address must be within the default CNI network’s pool (default 10.88.0.0/16).
|
+ |
+Specify a static IPv6 address for the container
+ |
+
ipc
@@ -902,13 +1031,27 @@ |
- network_aliases
- list / elements=string
+
+ network_aliases
+ aliases: network_alias
+ list / elements=string
|
Add network-scoped alias for the container. A container will only have access to aliases on the first network that it joins. This is a limitation that will be removed in a later release.
|
+ no_healthcheck
+ boolean
+ |
+Disable any defined healthchecks for container.
+ Choices:
+
+ |
+
+ |
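Review bot: no_healthcheck does not say how it interacts with the healthcheck and health_startup_cmd options on the same page. State whether setting it together with healthcheck is rejected or which one wins, and whether "any defined healthchecks" includes a healthcheck defined in the image. A reader should be able to predict from the doc when health monitoring ends up disabled.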
@@ -920,7 +1063,7 @@
-
+ |
@@ -932,14 +1075,47 @@
-
+ |
Tune the host’s OOM preferences for containers (accepts -1000 to 1000)
|
+ |
+Override the OS, defaults to hosts, of the image to be pulled. For example, windows.
+ |
+
+ |
+Allow Podman to add entries to /etc/passwd and /etc/group when used in conjunction with the –user option. This is used to override the Podman provided user setup in favor of entrypoint configurations such as libnss-extrausers.
+ Choices:
+
+ |
+
+ |
+Customize the entry that is written to the /etc/passwd file within the container when –passwd is used.
+ |
+
|
+Personality sets the execution domain via Linux personality(2).
+ |
+
+
pid
aliases: pid_mode
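Review bot: Command-line flags in the added descriptions are rendered with an en dash ("–user", "–passwd") rather than two hyphens, so they cannot be copied or searched for; use literal markup for them here and in the other descriptions that mention flags. In the OS description, "defaults to hosts" should read "defaults to the host's". The passwd description explains that the option exists "to override the Podman provided user setup" but not which boolean value does so; state the default and what setting it to false changes in /etc/passwd and /etc/group.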
@@ -948,6 +1124,13 @@ |
+ |
+When the pidfile location is specified, the container process’ PID is written to the pidfile.
+ |
+
pids_limit
string
@@ -956,12 +1139,40 @@ |
|
+Specify the platform for selecting the image.
+ |
+
+ |
Run container in an existing pod. If you want podman to make the pod for you, prefix the pod name with “new:”
|
+ |
+Run container in an existing pod and read the pod’s ID from the specified file. When a container is run within a pod which has an infra-container, the infra-container starts first.
+ |
+
+
+ preserve_fd
+ list / elements=string
+ |
+Pass down to the process the additional file descriptors specified in the comma separated list.
+ |
+
+ |
+Pass down to the process N additional file descriptors (in addition to 0, 1, 2). The total FDs are 3\+N.
+ |
+
privileged
boolean
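Review bot: preserve_fd is typed "list / elements=string" but its description refers to "the comma separated list", so it is unclear whether the user passes a YAML list or one comma-joined string. Pick one and say that the elements are descriptor numbers. In the count-based description below it, "3\+N" contains a stray backslash. Both options hand file descriptors to the container process, so it would help to say where those descriptors come from when the module is the one invoking podman.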
@@ -998,26 +1209,47 @@ |
|
+Pull image policy. The default is ‘missing’.
+ Choices:
+
+"missing"
+"always"
+"never"
+"newer"
+
+ |
+
+ |
Path to the directory to write quadlet file in. By default, it will be set as /etc/containers/systemd/ for root user, ~/.config/containers/systemd/ for non-root users.
|
-
+ |
Name of quadlet file to write. By default it takes name value.
|
-
+
quadlet_options
list / elements=string
|
Options for the quadlet file. Provide missing in usual container args options as a list of lines to add.
|
+ |
+Rdt-class sets the class of service (CLOS or COS) for the container to run in. Requires root.
+ |
+
read_only
boolean
@@ -1076,6 +1308,20 @@ |
|
+Number of times to retry pulling or pushing images between the registry and local storage in case of failure. Default is 3.
+ |
+
+ |
+Duration of delay between retry attempts when pulling or pushing images between the registry and local storage in case of failure.
+ |
+
+
rm
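Review bot: The retry-delay description gives neither a value format nor a default, while the retry-count description just above it states "Default is 3". Add the accepted duration format, with units, and the default delay.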
@@ -1091,6 +1337,18 @@ |
|
+After exit of the container, remove the image unless another container is using it. Implies –rm on the new container. The default is false.
+ Choices:
+
+ |
+
+ |
@@ -1102,13 +1360,20 @@
-
+ |
Determines how to use the NOTIFY_SOCKET, as passed with systemd and Type=notify. Can be container, conmon, ignore.
|
+
+ seccomp_policy
+ string
+ |
+Specify the policy to select the seccomp profile.
+ |
+
secrets
list / elements=string
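Review bot: seccomp_policy is a free-form string with no accepted values and no default listed. "Specify the policy to select the seccomp profile" does not tell the reader what may be passed or which profile applies when the option is unset. List the valid policies as choices so that a typo is rejected by the module rather than passed through, and state the default.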
@@ -1131,6 +1396,13 @@ |
+ shm_size_systemd
+ string
+ |
+Size of systemd-specific tmpfs mounts such as /run, /run/lock, /var/log/journal and /tmp.
+ |
+
+ |
@@ -1142,7 +1414,7 @@
-
+ |
@@ -1163,55 +1435,62 @@
-
+ |
Signal to stop a container. Default is SIGTERM.
|
-
+ |
Seconds to wait before forcibly stopping the container. Use -1 for infinite wait. Applies to “stopped” status.
|
-
+ |
Timeout (in seconds) to stop a container. Default is 10.
|
-
+ |
Run the container in a new user namespace using the map with ‘name’ in the /etc/subgid file.
|
-
+ |
Run the container in a new user namespace using the map with ‘name’ in the /etc/subuid file.
|
-
+ |
Configure namespaced kernel parameters at runtime
|
-
+ |
Run container in systemd mode. The default is true.
|
+ |
+Maximum time (in seconds) a container is allowed to run before conmon sends it the kill signal. By default containers run until they exit or are stopped by “podman stop”.
+ |
+
timezone
string
@@ -1220,13 +1499,25 @@ |
|
+Require HTTPS and verify certificates when pulling images.
+ Choices:
+
+ |
+
+ |
Create a tmpfs mount. For example tmpfs “/tmp” “rw,size=787448k,mode=1777”
|
-
+ |
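Review bot: The added TLS description covers only the enabled case. "Require HTTPS and verify certificates when pulling images" should also say what a false value permits and what applies when the option is left unset, since this is the setting readers will look at when auditing how images are pulled.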
@@ -1238,14 +1529,14 @@
-
+
uidmap
list / elements=string
|
Run the container in a new user namespace using the supplied mapping.
|
-
+
ulimit
aliases: ulimits
@@ -1254,6 +1545,32 @@ |
+ |
+Set the umask inside the container. Defaults to 0022. Remote connections use local containers.conf for defaults.
+ |
+
+
+ unsetenv
+ list / elements=string
+ |
+Unset default environment variables for the container.
+ |
+
+ |
+Unset all default environment variables for the container.
+ Choices:
+
+ |
+
user
string
@@ -1278,6 +1595,13 @@ |
|
+Use VARIANT instead of the default architecture variant of the container image.
+ |
+
+
volume
aliases: volumes
@@ -1286,14 +1610,14 @@ |
-
+
volumes_from
list / elements=string
|
Mount volumes from the specified container(s).
|
-
+
workdir
aliases: working_dir
diff --git a/docs/podman_containers_module.html b/docs/podman_containers_module.html
index adc0dca8..20871432 100644
--- a/docs/podman_containers_module.html
+++ b/docs/podman_containers_module.html
@@ -37,7 +37,7 @@
containers.podman.podman_containers module – Manage podman containers in a batch
Note
- This module is part of the containers.podman collection (version 1.13.0).
+ This module is part of the containers.podman collection (version 1.14.0).
It is not included in ansible-core .
To check whether it is installed, run ansible-galaxy collection list .
To install it, use: ansible-galaxy collection install containers.podman .
diff --git a/docs/podman_export_module.html b/docs/podman_export_module.html
index b5e525aa..b495b677 100644
--- a/docs/podman_export_module.html
+++ b/docs/podman_export_module.html
@@ -37,7 +37,7 @@
containers.podman.podman_export module – Export a podman container
Note
- This module is part of the containers.podman collection (version 1.13.0).
+ This module is part of the containers.podman collection (version 1.14.0).
It is not included in ansible-core .
To check whether it is installed, run ansible-galaxy collection list .
To install it, use: ansible-galaxy collection install containers.podman .
diff --git a/docs/podman_generate_systemd_module.html b/docs/podman_generate_systemd_module.html
index daec06e3..9f1f507b 100644
--- a/docs/podman_generate_systemd_module.html
+++ b/docs/podman_generate_systemd_module.html
@@ -37,7 +37,7 @@
containers.podman.podman_generate_systemd module – Generate systemd unit from a pod or a container
Note
- This module is part of the containers.podman collection (version 1.13.0).
+ This module is part of the containers.podman collection (version 1.14.0).
It is not included in ansible-core .
To check whether it is installed, run ansible-galaxy collection list .
To install it, use: ansible-galaxy collection install containers.podman .
diff --git a/docs/podman_image_info_module.html b/docs/podman_image_info_module.html
index b6427720..9a2a39cc 100644
--- a/docs/podman_image_info_module.html
+++ b/docs/podman_image_info_module.html
@@ -37,7 +37,7 @@
containers.podman.podman_image_info module – Gather info about images using podman
Note
- This module is part of the containers.podman collection (version 1.13.0).
+ This module is part of the containers.podman collection (version 1.14.0).
It is not included in ansible-core .
To check whether it is installed, run ansible-galaxy collection list .
To install it, use: ansible-galaxy collection install containers.podman .
diff --git a/docs/podman_image_module.html b/docs/podman_image_module.html
index 941b06df..5177c7e6 100644
--- a/docs/podman_image_module.html
+++ b/docs/podman_image_module.html
@@ -37,7 +37,7 @@
containers.podman.podman_image module – Pull images for use by podman
Note
- This module is part of the containers.podman collection (version 1.13.0).
+ This module is part of the containers.podman collection (version 1.14.0).
It is not included in ansible-core .
To check whether it is installed, run ansible-galaxy collection list .
To install it, use: ansible-galaxy collection install containers.podman .
@@ -256,6 +256,13 @@ |
|
+Extra arguments to pass to the pull command.
+ |
+
+ |
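Review bot: The pull extra-arguments description says nothing about idempotency or quoting, whereas the push counterpart added later in this file notes "Does not idempotently check for new push args". Say the same for pull if it applies, state how the value is split into arguments, and document which side wins when an extra argument conflicts with an option the module sets itself.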
@@ -267,7 +274,7 @@
-
+ |
@@ -275,7 +282,7 @@
-
+ |
@@ -287,7 +294,7 @@
-
+
dest
aliases: destination
@@ -296,6 +303,13 @@ |
+ |
+Extra args to pass to push, if executed. Does not idempotently check for new push args.
+ |
+
format
string
@@ -336,6 +350,7 @@ |
+ dns
+ list / elements=string
+ |
+Set network-scoped DNS resolver/nameserver for containers in this network. If not set, the host servers from /etc/resolv.conf is used.
+ |
+
+ |
Driver to manage the network (default “bridge”)
|
-
+ |
@@ -116,7 +123,7 @@ ParametersDefault: "podman"
-
+ |
@@ -128,21 +135,21 @@ Parameters
-
+ |
IPv4 or IPv6 gateway for the subnet
|
-
+ |
For bridge, it uses the bridge interface name. For macvlan, it is the parent device on the host (it is the same as ‘opt.parent’)
|
-
+ |
@@ -154,18 +161,31 @@ Parameters
-
+ |
Allocate container IP from range
|
+ |
+Set the ipam driver (IP Address Management Driver) for the network. When unset podman chooses an ipam driver automatically based on the network driver
+ Choices:
+
+"host-local"
+"dhcp"
+"none"
+
+ |
+
|
-Enable IPv6 (Dual Stack) networking. You must pass a IPv6 subnet. The subnet option must be used with the ipv6 option.
+ Enable IPv6 (Dual Stack) networking. You must pass a IPv6 subnet. The subnet option must be used with the ipv6 option. Idempotency is not supported because it generates subnets randomly.
Choices:
|
|
+ net_config
+ list / elements=dictionary
+ |
+List of dictionaries with network configuration. Each dictionary should contain ‘subnet’ and ‘gateway’ keys. ‘ip_range’ is optional.
+ |
+
+
+ gateway
+ string / required
+ |
+ |
+
+ |
+Allocate container IP from range
+ |
+
+
+ subnet
+ string / required
+ |
+ |
+
+ |
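Review bot: The gateway and subnet suboptions of net_config are marked "string / required" but have empty descriptions. Add the expected format for each, and say whether net_config may be combined with the top-level gateway and IP range options documented above it. The ipv6 change notes that idempotency is not supported "because it generates subnets randomly"; state whether giving an explicit IPv6 subnet through net_config avoids that.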
@@ -275,6 +323,13 @@ Parameters
+ route
+ list / elements=string
+ |
+A static route in the format <destination in CIDR notation>,<gateway>,<route metric (optional)>. This route will be added to every container in this network.
+ |
+
+ |
@@ -287,7 +342,7 @@ Parameters
-
+ |
diff --git a/docs/podman_play_module.html b/docs/podman_play_module.html
index 30a3654c..717887ac 100644
--- a/docs/podman_play_module.html
+++ b/docs/podman_play_module.html
@@ -37,7 +37,7 @@
containers.podman.podman_play module – Play kubernetes YAML file using podman
Note
- This module is part of the containers.podman collection (version 1.13.0).
+ This module is part of the containers.podman collection (version 1.14.0).
It is not included in ansible-core .
To check whether it is installed, run ansible-galaxy collection list .
To install it, use: ansible-galaxy collection install containers.podman .
diff --git a/docs/podman_pod_info_module.html b/docs/podman_pod_info_module.html
index d93a4370..feb6083d 100644
--- a/docs/podman_pod_info_module.html
+++ b/docs/podman_pod_info_module.html
@@ -37,7 +37,7 @@
containers.podman.podman_pod_info module – Gather info about podman pods
Note
- This module is part of the containers.podman collection (version 1.13.0).
+ This module is part of the containers.podman collection (version 1.14.0).
It is not included in ansible-core .
To check whether it is installed, run ansible-galaxy collection list .
To install it, use: ansible-galaxy collection install containers.podman .
diff --git a/docs/podman_pod_module.html b/docs/podman_pod_module.html
index 6cd068f3..26e734ea 100644
--- a/docs/podman_pod_module.html
+++ b/docs/podman_pod_module.html
@@ -37,7 +37,7 @@
containers.podman.podman_pod module – Manage Podman pods
Note
- This module is part of the containers.podman collection (version 1.13.0).
+ This module is part of the containers.podman collection (version 1.14.0).
It is not included in ansible-core .
To check whether it is installed, run ansible-galaxy collection list .
To install it, use: ansible-galaxy collection install containers.podman .
@@ -175,8 +175,10 @@ Parameters
- dns_opt
- list / elements=string
+
+ dns_opt
+ aliases: dns_option
+ list / elements=string
|
Set custom DNS options in the /etc/resolv.conf file that will be shared between all containers in the pod.
|
@@ -197,6 +199,18 @@ Parameters
|
+Set the exit policy of the pod when the last container exits. Supported policies are stop and continue
+ Choices:
+
+ |
+
+
generate_systemd
dictionary
|
@@ -204,21 +218,21 @@ ParametersDefault: {}
-
+
after
list / elements=string
|
Add the systemd unit after (After=) option, that ordering dependencies between the list of dependencies and this service.
|
-
+ |
Set the systemd unit name prefix for containers. The default is “container”.
|
-
+ |
@@ -230,7 +244,7 @@ Parameters
-
+ |
@@ -242,7 +256,7 @@ Parameters
-
+ |
@@ -254,28 +268,28 @@ Parameters
-
+ |
Specify a path to the directory where unit files will be generated. Required for this option. If it doesn’t exist, the directory will be created.
|
-
+ |
Set the systemd unit name prefix for pods. The default is “pod”.
|
-
+
requires
list / elements=string
|
Set the systemd unit requires (Requires=) option. Similar to wants, but declares a stronger requirement dependency.
|
-
+ |
@@ -292,28 +306,28 @@ Parameters
-
+ |
Set the systemd service restartsec value.
|
-
+ |
Set the systemd unit name separator between the name/id of a container/pod and the prefix. The default is “-” (dash).
|
-
+ |
Override the default start timeout for the container with the given value.
|
-
+ |
-
+
wants
list / elements=string
|
Add the systemd unit wants (Wants=) option, that this service is (weak) dependent on.
|
-
+
gidmap
list / elements=string
|
GID map for the user namespace. Using this flag will run the container with user namespace enabled. It conflicts with the `userns` and `subgidname` flags.
|
+ |
+GPU devices to add to the container (‘all’ to pass all GPUs).
+ |
+
|
|
+Set a static IPv6 for the pod’s shared network.
+ |
+
+ |
Add metadata to a pod, pass dictionary of label keys and values.
|
-
+ |
Read in a line delimited file of labels.
|
-
+ |
Set a static MAC address for the pod’s shared network.
|
-
+ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |