From cfd9873bbcc71192e0c097b4b38c4a2800703c2e Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Tue, 11 Jan 2022 10:13:16 +0100 Subject: [PATCH] Allow to choose container manager commands (#8380) This allow to workaround #8375 by using image_command_tool=crictl when containerd_registries is used for containerd. Also changes image_info_command_on_localhost for docker to return digests. --- roles/download/defaults/main.yml | 16 +++++++++++ roles/download/tasks/prep_download.yml | 38 -------------------------- 2 files changed, 16 insertions(+), 38 deletions(-) diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 8d7e205e2..529237c43 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -45,6 +45,22 @@ download_validate_certs: true # Use the first kube_control_plane if download_localhost is not set download_delegate: "{% if download_localhost %}localhost{% else %}{{ groups['kube_control_plane'][0] }}{% endif %}" +# The docker_image_info_command might seems weird but we are using raw/endraw and `{{ `{{` }}` to manage the double jinja2 processing +docker_image_pull_command: "{{ docker_bin_dir }}/docker pull" +docker_image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs -i {{ '{{' }} docker_bin_dir }}/docker inspect -f {% raw %}'{{ '{{' }} if .RepoTags }}{{ '{{' }} join .RepoTags \",\" }}{{ '{{' }} end }}{{ '{{' }} if .RepoDigests }},{{ '{{' }} join .RepoDigests \",\" }}{{ '{{' }} end }}' {% endraw %} {} | tr '\n' ','" +nerdctl_image_info_command: "{{ bin_dir }}/nerdctl -n k8s.io images --format '{% raw %}{{ '{{' }} .Repository {{ '}}' }}:{{ '{{' }} .Tag {{ '}}' }}{% endraw %}' 2>/dev/null | grep -v ^:$ | tr '\n' ','" +nerdctl_image_pull_command: "{{ bin_dir }}/nerdctl -n k8s.io pull --quiet{{ nerdctl_extra_flags }}" +crictl_image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" +crictl_image_pull_command: "{{ bin_dir }}/crictl pull" + +image_command_tool: "{%- if container_manager == 'containerd' -%}nerdctl{%- elif container_manager == 'crio' -%}crictl{%- else -%}{{ container_manager }}{%- endif -%}" +image_command_tool_on_localhost: "{{ image_command_tool }}" + +image_pull_command: "{{ lookup('vars', image_command_tool + '_image_pull_command') }}" +image_info_command: "{{ lookup('vars', image_command_tool + '_image_info_command') }}" +image_pull_command_on_localhost: "{{ lookup('vars', image_command_tool_on_localhost + '_image_pull_command') }}" +image_info_command_on_localhost: "{{ lookup('vars', image_command_tool_on_localhost + '_image_info_command') }}" + # Arch of Docker images and needed packages image_arch: "{{host_architecture | default('amd64')}}" diff --git a/roles/download/tasks/prep_download.yml b/roles/download/tasks/prep_download.yml index 342f20c8c..769d653da 100644 --- a/roles/download/tasks/prep_download.yml +++ b/roles/download/tasks/prep_download.yml @@ -5,44 +5,6 @@ tags: - facts -# The docker image_info_command might seems weird but we are using raw/endraw and `{{ `{{` }}` to manage the double jinja2 processing -# done here and when `image_info_command` is used (first the raw/endraw allow to store the command, then the second processing replace `{{` -- name: prep_download | Set image pull/info command for docker - set_fact: - image_pull_command: "{{ docker_bin_dir }}/docker pull" - image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs -i {{ '{{' }} docker_bin_dir }}/docker inspect -f {% raw %}'{{ '{{' }} if .RepoTags }}{{ '{{' }} join .RepoTags \",\" }}{{ '{{' }} end }}{{ '{{' }} if .RepoDigests }},{{ '{{' }} join .RepoDigests \",\" }}{{ '{{' }} end }}' {% endraw %} {} | tr '\n' ','" - when: container_manager == 'docker' - -- name: prep_download | Set image pull/info command for containerd - set_fact: - image_info_command: "{{ bin_dir }}/nerdctl -n k8s.io images --format '{% raw %}{{ '{{' }} .Repository {{ '}}' }}:{{ '{{' }} .Tag {{ '}}' }}{% endraw %}' 2>/dev/null | grep -v ^:$ | tr '\n' ','" - image_pull_command: "{{ bin_dir }}/nerdctl -n k8s.io pull --quiet{{ nerdctl_extra_flags }}" - when: container_manager == 'containerd' - -- name: prep_download | Set image pull/info command for crio - set_fact: - image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" - image_pull_command: "{{ bin_dir }}/crictl pull" - when: container_manager == 'crio' - -- name: prep_download | Set image pull/info command for docker on localhost - set_fact: - image_pull_command_on_localhost: "{{ docker_bin_dir }}/docker pull" - image_info_command_on_localhost: "{{ docker_bin_dir }}/docker images" - when: container_manager_on_localhost == 'docker' - -- name: prep_download | Set image pull/info command for containerd on localhost - set_fact: - image_info_command_on_localhost: "{{ bin_dir }}/nerdctl -n k8s.io images --format '{% raw %}{{ '{{' }} .Repository {{ '}}' }}:{{ '{{' }} .Tag {{ '}}' }}{% endraw %}' 2>/dev/null | grep -v ^:$ | tr '\n' ','" - image_pull_command_on_localhost: "{{ bin_dir }}/nerdctl -n k8s.io pull --quiet{{ nerdctl_extra_flags }}" - when: container_manager_on_localhost == 'containerd' - -- name: prep_download | Set image pull/info command for crio on localhost - set_fact: - image_info_command_on_localhost: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" - image_pull_command_on_localhost: "{{ bin_dir }}/crictl pull" - when: container_manager_on_localhost == 'crio' - - name: prep_download | On localhost, check if passwordless root is possible command: "true" delegate_to: localhost