mgmt/configuration/playbooks/upgrade-podman-to-5.yml

---
- name: 升级 Podman 到最新版本 (warden 节点测试)
  hosts: warden
  become: yes
  gather_facts: yes

  tasks:
    - name: 检查当前 Podman 版本
      shell: podman --version
      register: current_podman_version
      ignore_errors: yes

    - name: 显示当前版本
      debug:
        msg: "当前 Podman 版本: {{ current_podman_version.stdout if current_podman_version.rc == 0 else '未安装或无法获取' }}"

    - name: 备份现有 Podman 配置
      shell: |
        if [ -d /etc/containers ]; then
          cp -r /etc/containers /etc/containers.backup.$(date +%Y%m%d)
        fi
        if [ -d /usr/share/containers ]; then
          cp -r /usr/share/containers /usr/share/containers.backup.$(date +%Y%m%d)
        fi        
      ignore_errors: yes

    - name: 添加 Kubic 仓库 (HTTP 跳过签名)
      shell: |
        # 添加仓库并跳过签名验证
        echo "deb [trusted=yes] http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_22.04/ /" > /etc/apt/sources.list.d/kubic-containers.list        

    - name: 更新包列表 (跳过签名验证)
      shell: apt-get update -o Acquire::AllowInsecureRepositories=true -o Acquire::AllowDowngradeToInsecureRepositories=true

    - name: 检查仓库中可用的 Podman 版本
      shell: apt-cache policy podman
      register: podman_versions

    - name: 显示可用的 Podman 版本
      debug:
        msg: "{{ podman_versions.stdout }}"

    - name: 安装 Podman 5.x (强制跳过签名)
      shell: apt-get install -y --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages podman

    - name: 验证 Podman 5.x 安装
      shell: |
        podman --version
        podman info --format json | jq -r '.Version.Version'        
      register: podman_5_verify

    - name: 显示升级结果
      debug:
        msg: |
          ✅ Podman 升级完成
          🚀 新版本: {{ podman_5_verify.stdout_lines[0] }}
          📊 详细版本: {{ podman_5_verify.stdout_lines[1] }}          

    - name: 测试基本功能
      shell: |
        podman run --rm hello-world        
      register: podman_test
      ignore_errors: yes

    - name: 显示测试结果
      debug:
        msg: "Podman 功能测试: {{ '成功' if podman_test.rc == 0 else '失败 - ' + podman_test.stderr }}"

    - name: 检查相关服务状态
      shell: |
        systemctl status podman.socket 2>/dev/null || echo "podman.socket 未运行"
        systemctl status containerd 2>/dev/null || echo "containerd 未运行"        
      register: service_status

    - name: 显示服务状态
      debug:
        msg: "{{ service_status.stdout }}"