Ensure libseccomp is installed before starting containerd on CentOS 8 (#6922)

* Ensure libseccomp is installed before starting containerd on CentOS 8

* Simplify libseccomp install on CentOS 8

- Uses `package` module
- Replaces complex version check with 'state: latest'. The version must
  be > 2.3 when using with cri-o.
- Removes unnecessary `not is_ostree` condition as CentOS 8 does not use
  ostree
This commit is contained in:
OwenTuz 2020-12-03 21:43:26 +00:00 committed by GitHub
parent 06ec5393d7
commit d315f73080
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 10 deletions

View file

@ -129,4 +129,13 @@
- not is_ostree
- not runc_stat.stat.exists
- name: Ensure latest version of libseccomp installed # noqa 403
package:
name: libseccomp
state: latest
when:
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "8"
notify: restart containerd
- include_tasks: crictl.yml

View file

@ -83,19 +83,13 @@
retries: 4
delay: "{{ retry_stagger | d(3) }}"
- name: Gather the rpm package facts
package_facts:
manager: auto
- name: Ensure latest version of libseccomp installed # noqa 403
package:
name: libseccomp
state: latest
when:
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "8"
- name: Ensure latest version of libseccom installed # noqa 303
command: "yum update -y libseccomp"
when:
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "8"
- ansible_facts.packages['libseccomp'] | map(attribute='version') | map('regex_replace','^(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') | list | first == '2.3'
notify: restart crio
- name: Check if already installed

View file

@ -211,6 +211,15 @@
selection: hold
when: ansible_os_family in ["Debian"]
- name: Ensure latest version of libseccomp installed # noqa 403
package:
name: libseccomp
state: latest
when:
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "8"
notify: restart docker
- name: ensure docker started, remove our config if docker start failed and try again
block:
- name: ensure service is started if docker packages are already present