--- - name: check if fedora coreos stat: path: /run/ostree-booted register: ostree - name: set is_ostree set_fact: is_ostree: "{{ ostree.stat.exists }}" - name: gather os specific variables include_vars: "{{ item }}" with_first_found: - files: - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" - "{{ ansible_distribution|lower }}.yml" - "{{ ansible_os_family|lower }}-{{ ansible_architecture }}.yml" - "{{ ansible_os_family|lower }}.yml" - defaults.yml paths: - ../vars skip: true tags: - facts - name: disable unified_cgroup_hierarchy in Fedora 31+ command: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0" when: - ansible_distribution == "Fedora" - (ansible_distribution_major_version | int) >= 31 - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0' - name: reboot in Fedora 31+ reboot: when: - ansible_distribution == "Fedora" - (ansible_distribution_major_version | int) >= 31 - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0' - import_tasks: "crio_repo.yml" - import_tasks: "crictl.yml" - name: Build a list of crio runtimes set_fact: crio_runtimes: "{{ crio_runtimes + kata_runtimes }}" when: - kata_containers_enabled - name: Make sure needed folders exist in the system with_items: - /etc/crio - /etc/containers - /etc/systemd/system/crio.service.d file: path: "{{ item }}" state: directory - name: Install cri-o packages package: name: "{{ item }}" state: present when: not is_ostree with_items: "{{ crio_packages }}" register: package_install until: package_install is succeeded retries: 4 delay: "{{ retry_stagger | d(3) }}" - name: Gather the rpm package facts package_facts: manager: auto when: - ansible_distribution == "CentOS" - ansible_distribution_major_version == "8" - name: Ensure latest version of libseccom installed # noqa 303 command: "yum update -y libseccomp" when: - ansible_distribution == "CentOS" - ansible_distribution_major_version == "8" - ansible_facts.packages['libseccomp'] | map(attribute='version') | map('regex_replace','^(?P\\d+).(?P\\d+).(?P\\d+)$', '\\g.\\g') | list | first == '2.3' notify: restart crio - name: Check if already installed stat: path: "/bin/crio" register: need_bootstrap_crio when: is_ostree - name: Install cri-o packages with osttree command: "rpm-ostree install {{ crio_packages|join(' ') }}" when: - is_ostree - not need_bootstrap_crio.stat.exists become: true - name: Reboot immediately for updated ostree reboot: become: true when: - is_ostree - not need_bootstrap_crio.stat.exists - name: Remove example CNI configs file: path: "/etc/cni/net.d/{{ item }}" state: absent loop: - 100-crio-bridge.conf - 200-loopback.conf - name: Install cri-o config template: src: crio.conf.j2 dest: /etc/crio/crio.conf notify: restart crio - name: Copy mounts.conf copy: src: mounts.conf dest: /etc/containers/mounts.conf when: - ansible_os_family == 'RedHat' notify: restart crio - name: Create directory for oci hooks file: path: /etc/containers/oci/hooks.d state: directory owner: root mode: 0755 - name: Remove metacopy mount options for older kernels ini_file: dest: /etc/containers/storage.conf section: storage.options.overlay option: mountopt value: "\"nodev\"" when: - ansible_distribution == "CentOS" - ansible_distribution_major_version == "7" - name: Write cri-o proxy drop-in template: src: http-proxy.conf.j2 dest: /etc/systemd/system/crio.service.d/http-proxy.conf notify: restart crio when: http_proxy is defined or https_proxy is defined - name: Ensure crio service is started and enabled service: name: crio daemon_reload: true enabled: true state: started - name: Verify that crio is running command: "crio-status info" register: get_crio_info until: get_crio_info is succeeded changed_when: false retries: 5 delay: "{{ retry_stagger | random + 3 }}"