ansible/roles/abrt/retrace/tasks/podman.yml

---
- name: Install Podman package
  ansible.builtin.package:
    name: podman
    state: present

- name: Stop httpd to allow retrace user modification
  service:
    name: httpd
    state: stopped

- name: Check if subuid is set for retrace user
  ansible.builtin.command: cat /etc/subuid
  changed_when: false
  register: retrace_subuid

- block:
  - name: Get last subuid entry
    ansible.builtin.shell: |
      set -o pipefail
      sort -nrt: -k2 /etc/subuid | awk -F: 'NR == 1 { print $2 }'
    changed_when: false
    register: t_subuid
    args:
      executable: /usr/bin/bash

  - name: Set variables for min and max subuid
    set_fact:
      rs_subuid_min: "{{ t_subuid.stdout | default(100000) | int + 65536 }}"
      rs_subuid_max: "{{ t_subuid.stdout | default(100000) | int + 2 * 65536 - 1 }}"

  - name: Set subuid for retrace user.
    ansible.builtin.command: usermod retrace --add-subuids "{{ rs_subuid_min }}-{{ rs_subuid_max }}"

  when: '"retrace" not in retrace_subuid.stdout'

- name: Check if subgid is set for retrace user
  ansible.builtin.command: cat /etc/subgid
  changed_when: false
  register: retrace_subgid

- block:
  - name: Get last subgid entry
    ansible.builtin.shell: |
      set -o pipefail
      cut -d ':' -f2 /etc/subgid | sort | tail -1
    changed_when: false
    register: t_subgid
    args:
      executable: /usr/bin/bash

  - name: Set variables for min and max subgid
    set_fact:
      rs_subgid_min: "{{ t_subgid.stdout | default(100000) | int + 65536 }}"
      rs_subgid_max: "{{ t_subgid.stdout | default(100000) | int + 2 * 65536 - 1 }}"

  - name: Set subgid for retrace user
    ansible.builtin.command: usermod retrace --add-subgids "{{ rs_subgid_min }}-{{ rs_subgid_max }}"

  when: '"retrace" not in retrace_subgid.stdout'

- name: Start httpd after retrace user modification
  service:
    name: httpd
    state: started