Quadlet filename set for podman_container but not podman_containers

[Shadow53]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

I am attempting to define multiple quadlet containers at once using the podman_containers module. This fails with the error:

fatal: [HOST]: FAILED! => {"changed": false, "msg": "Filename for container is required for creating a quadlet file."}

If I pass the exact same configuration to podman_container as part of a loop, it works fine.

Steps to reproduce the issue:

1. Set up a host with Podman and Quadlet capabilities (I'm using Fedora CoreOS) and add it to an inventory file under the group caddy.

2. Copy the following YAML to a playbook file:

Playbook

---
- name: Deploy Caddy using Podman
  hosts: caddy
  become: true
  handlers:
    - name: Restart Caddy
      ansible.builtin.systemd_service:
        daemon_reload: true
        enabled: true
        state: restarted
        name: caddy.service
    - name: Validate Caddyfiles
      notify: Reload Caddy
      containers.podman.podman_container_exec:
        name: systemd-caddy
        command: caddy validate
        workdir: /etc/caddy
    - name: Reload Caddy
      containers.podman.podman_container_exec:
        name: systemd-caddy
        command: caddy reload --force
        workdir: /etc/caddy
  vars:
    containers:
      - name: "{{ service_ident }}"
        image: docker.io/library/caddy:alpine
        cap_add:
          - NET_ADMIN
        mount:
          - type=bind,source=/etc/caddy,target=/etc/caddy,ro=true,Z=true
        network: "{{ service_ident }}"
        volume:
          - "{{ service_ident }}-config:/config:Z"
          - "{{ service_ident }}-data:/data:Z"
    containers_processed: "{{ containers | map('combine', dict(state='quadlet', pull='always', pod=service_ident, quadlet_options=['AutoUpdate=registry', 'Pull=true']), list_merge='append_rp', recursive=true) }}"
    service_ident: caddy
    pod_ports:
      - "80:80"
      - "443:443"
    volumes:
      - name: config
      - name: data
  tasks:
    - name: Create Caddy network
      containers.podman.podman_network:
        name: "{{ service_ident }}"
        state: quadlet
        internal: false

    - name: Create service podman pod
      containers.podman.podman_pod:
        name: "{{ service_ident }}"
        state: quadlet
        network: "{{ service_ident }}"
        publish: "{{ pod_ports | default() }}"
        restart_policy: "always"

    - name: Create service podman volume(s)
      containers.podman.podman_volume:
        name: "{{ service_ident }}-{{ item.name }}"
        state: quadlet
      loop: "{{ volumes }}"

    - name: Create a Caddy directories if not exist
      ansible.builtin.file:
        owner: root
        group: root
        path: /etc/caddy/sites
        state: directory
        mode: '0755'

    - name: Upload default Caddyfile
      notify: Validate Caddyfiles
      ansible.builtin.copy:
        owner: root
        group: root
        mode: "0400"
        dest: "/etc/caddy/Caddyfile"
        content: >
          {
              http_port   80
          }

          import /etc/caddy/sites/*

    - name: Debug containers definition
      ansible.builtin.debug:
        var: to_debug
      vars:
        to_debug: "{{ containers_processed }}"

    - name: Create podman container
      notify: Restart Caddy
      containers.podman.podman_container: "{{ item }}"
      loop: "{{ containers_processed }}"

    - name: Create podman containers
      notify: Restart Caddy
      containers.podman.podman_containers:
        containers: "{{ containers_processed }}"

3. Run the playbook. Notice how Create podman container succeeds while Create podman containers fails with the aforementioned error.

Describe the results you received:

fatal: [HOST]: FAILED! => {"changed": false, "msg": "Filename for container is required for creating a quadlet file."}

Describe the results you expected:

Success similar to using podman_container with loop.

Additional information you deem important (e.g. issue happens only occasionally):

The context for this is a homelab setup where I have a single role that deploys containers in a consistent way and various other roles that pass variables to the former. This is why the example playbook is formatted the way it is with a templated variable instead of defining the container inline.

Version of the containers.podman collection:
Either git commit if installed from git: git show --summary
Or version from ansible-galaxy if installed from galaxy: ansible-galaxy collection list | grep containers.podman

containers.podman                        1.15.2

Output of ansible --version:

ansible [core 2.16.8]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/shadow53/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.12/site-packages/ansible
  ansible collection location = /home/shadow53/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.12.4 (main, Jun  7 2024, 00:00:00) [GCC 14.1.1 20240607 (Red Hat 14.1.1-5)] (/usr/bin/python3)
  jinja version = 3.1.4
  libyaml = True

Output of podman version:

# Assuming the host in the inventory file
Client:       Podman Engine
Version:      5.1.0
API Version:  5.1.0
Go Version:   go1.22.3
Built:        Wed May 29 00:00:00 2024
OS/Arch:      linux/amd64

Output of podman info --debug:

Output

host:
  arch: amd64
  buildahVersion: 1.36.0
  cgroupControllers:
  - cpu
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.fc40.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:
    idlePercent: 97.05
    systemPercent: 0.84
    userPercent: 2.11
  cpus: 1
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: coreos
    version: "40"
  eventLogger: journald
  freeLocks: 2046
  hostname: id.mnbryant.com
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
  kernel: 6.8.11-300.fc40.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 251396096
  memTotal: 2049576960
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.11.0-1.fc40.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.11.0
    package: netavark-1.11.0-1.fc40.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.11.0
  ociRuntime:
    name: crun
    package: crun-1.15-1.fc40.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.15
      commit: e6eacaf4034e84185fd8780ac9262bbf57082278
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240510.g7288448-1.fc40.x86_64
    version: |
      pasta 0^20240510.g7288448-1.fc40.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-2.fc40.x86_64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.5
  swapFree: 745795584
  swapTotal: 1024454656
  uptime: 171h 56m 19.00s (Approximately 7.12 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
store:
  configFile: /var/home/core/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/core/.local/share/containers/storage
  graphRootAllocated: 69188169728
  graphRootUsed: 5229629440
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
  APIVersion: 5.1.0
  Built: 1716940800
  BuiltTime: Wed May 29 00:00:00 2024
  GitCommit: ""
  GoVersion: go1.22.3
  Os: linux
  OsArch: linux/amd64
  Version: 5.1.0

Package info (e.g. output of rpm -q podman or apt list podman):

podman-5.1.0-1.fc40.x86_64

Playbook you run with ansible (e.g. content of playbook.yaml):

See above.

Command line and output of ansible run with high verbosity

Please NOTE: if you submit a bug about idempotency, run the playbook with --diff option, like:

ansible-playbook -i inventory --diff -vv playbook.yml

Output

ansible-playbook [core 2.16.8]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/shadow53/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.12/site-packages/ansible
  ansible collection location = /home/shadow53/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.12.4 (main, Jun  7 2024, 00:00:00) [GCC 14.1.1 20240607 (Red Hat 14.1.1-5)] (/usr/bin/python3)
  jinja version = 3.1.4
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: caddy_standalone.yml *************************************************
1 plays in caddy_standalone.yml

PLAY [Deploy Caddy using Podman] ***********************************************

TASK [Gathering Facts] *********************************************************
task path: /home/shadow53/Development/coreos/playbooks/caddy_standalone.yml:2
ok: [HOST]

TASK [Create Caddy network] ****************************************************
task path: /home/shadow53/Development/coreos/playbooks/caddy_standalone.yml:44
ok: [HOST] => {"actions": [], "changed": false, "network": {}}

TASK [Create service podman pod] ***********************************************
task path: /home/shadow53/Development/coreos/playbooks/caddy_standalone.yml:50
ok: [HOST] => {"actions": [], "changed": false, "pod": {}}

TASK [Create service podman volume(s)] *****************************************
task path: /home/shadow53/Development/coreos/playbooks/caddy_standalone.yml:58
ok: [HOST] => (item={'name': 'config'}) => {"actions": [], "ansible_loop_var": "item", "changed": false, "item": {"name": "config"}, "volume": {}}
ok: [HOST] => (item={'name': 'data'}) => {"actions": [], "ansible_loop_var": "item", "changed": false, "item": {"name": "data"}, "volume": {}}

TASK [Create a Caddy directories if not exist] *********************************
task path: /home/shadow53/Development/coreos/playbooks/caddy_standalone.yml:64
ok: [HOST] => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/etc/caddy/sites", "secontext": "system_u:object_r:container_file_t:s0:c821,c974", "size": 33, "state": "directory", "uid": 0}

TASK [Upload default Caddyfile] ************************************************
task path: /home/shadow53/Development/coreos/playbooks/caddy_standalone.yml:72
ok: [HOST] => {"changed": false, "checksum": "ff35b4525c1034362eb9249c174d27b2eb8f0692", "dest": "/etc/caddy/Caddyfile", "gid": 0, "group": "root", "mode": "0400", "owner": "root", "path": "/etc/caddy/Caddyfile", "secontext": "system_u:object_r:container_file_t:s0:c821,c974", "size": 49, "state": "file", "uid": 0}

TASK [Debug containers definition] *********************************************
task path: /home/shadow53/Development/coreos/playbooks/caddy_standalone.yml:86
ok: [HOST] => {
    "to_debug": [
        {
            "cap_add": [
                "NET_ADMIN"
            ],
            "image": "docker.io/library/caddy:alpine",
            "mount": [
                "type=bind,source=/etc/caddy,target=/etc/caddy,ro=true,Z=true"
            ],
            "name": "caddy",
            "network": "caddy",
            "pod": "caddy",
            "pull": "always",
            "quadlet_options": [
                "AutoUpdate=registry",
                "Pull=true"
            ],
            "state": "quadlet",
            "volume": [
                "caddy-config:/config:Z",
                "caddy-data:/data:Z"
            ]
        }
    ]
}

TASK [Create podman container] *************************************************
task path: /home/shadow53/Development/coreos/playbooks/caddy_standalone.yml:92
[WARNING]: Using a variable for a task's 'args' is unsafe in some situations
(see
https://docs.ansible.com/ansible/devel/reference_appendices/faq.html#argsplat-
unsafe)
ok: [HOST] => (item={'name': 'caddy', 'image': 'docker.io/library/caddy:alpine', 'cap_add': ['NET_ADMIN'], 'mount': ['type=bind,source=/etc/caddy,target=/etc/caddy,ro=true,Z=true'], 'network': 'caddy', 'volume': ['caddy-config:/config:Z', 'caddy-data:/data:Z'], 'state': 'quadlet', 'pull': 'always', 'pod': 'caddy', 'quadlet_options': ['AutoUpdate=registry', 'Pull=true']}) => {"actions": [], "ansible_loop_var": "item", "changed": false, "container": {}, "item": {"cap_add": ["NET_ADMIN"], "image": "docker.io/library/caddy:alpine", "mount": ["type=bind,source=/etc/caddy,target=/etc/caddy,ro=true,Z=true"], "name": "caddy", "network": "caddy", "pod": "caddy", "pull": "always", "quadlet_options": ["AutoUpdate=registry", "Pull=true"], "state": "quadlet", "volume": ["caddy-config:/config:Z", "caddy-data:/data:Z"]}}

TASK [Create podman containers] ************************************************
task path: /home/shadow53/Development/coreos/playbooks/caddy_standalone.yml:97
fatal: [HOST]: FAILED! => {"changed": false, "msg": "Filename for container is required for creating a quadlet file."}

PLAY RECAP *********************************************************************
HOST            : ok=8    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Additional environment details (AWS, VirtualBox, physical, etc.):

This is running against Fedora CoreOS running on a VPS, but seems unspecific to the host system.

[sshnaidm]

Thanks for catching, good to see someone uses this module 😄