c12s-kubespray/roles/container-engine/cri-o/tasks/crio_repo.yml
AnatomicJC 627a06e30d
CRI-O: Install libseccomp2 from backports on Debian 10 (#7816)
* CRI-O: Install libseccomp2 from backports on Debian 10

libseccomp2 is a required dependency of cri-o-runc package

The one provided in Debian 10 repositories is outdated

* 7816: Remove useless when condition

As this condition is handled by block
2021-07-23 07:07:16 -07:00

161 lines
5.5 KiB
YAML

---
- block:
- name: Add Debian Backports apt repo
apt_repository:
repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main"
state: present
filename: debian-backports
- name: Set libseccomp2 pin priority to apt_preferences on Debian buster
copy:
content: |
Package: libseccomp2
Pin: release a={{ ansible_distribution_release }}-backports
Pin-Priority: 1001
dest: "/etc/apt/preferences.d/libseccomp2"
owner: "root"
mode: 0644
when:
- ansible_distribution == "Debian"
- ansible_distribution_version == "10"
- name: CRI-O kubic repo name for debian os family
set_fact:
crio_kubic_debian_repo_name: "{{ ((ansible_distribution == 'Ubuntu') | ternary('x','')) ~ ansible_distribution ~ '_' ~ ansible_distribution_version }}"
when: ansible_os_family == "Debian"
- name: Add CRI-O kubic apt repo key
apt_key:
url: "https://{{ crio_download_base }}/{{ crio_kubic_debian_repo_name }}/Release.key"
state: present
when: crio_kubic_debian_repo_name is defined
register: apt_key_download
until: apt_key_download is succeeded
retries: 4
delay: "{{ retry_stagger | d(3) }}"
environment: "{{ proxy_env }}"
- name: Add CRI-O kubic apt repo
apt_repository:
repo: "deb http://{{ crio_download_base }}/{{ crio_kubic_debian_repo_name }}/ /"
state: present
filename: devel-kubic-libcontainers-stable
when: crio_kubic_debian_repo_name is defined
- name: Add CRI-O kubic cri-o apt repo
apt_repository:
repo: "deb {{ crio_download_crio }}{{ crio_version }}/{{ crio_kubic_debian_repo_name }}/ /"
state: present
filename: devel-kubic-libcontainers-stable-cri-o
when: crio_kubic_debian_repo_name is defined
- name: Check that amzn2-extras.repo exists
stat:
path: /etc/yum.repos.d/amzn2-extras.repo
register: amzn2_extras_file_stat
when: ansible_distribution in ["Amazon"]
- name: Find docker repo in amzn2-extras.repo file
lineinfile:
dest: /etc/yum.repos.d/amzn2-extras.repo
line: "[amzn2extra-docker]"
check_mode: yes
register: amzn2_extras_docker_repo
when:
- ansible_distribution in ["Amazon"]
- amzn2_extras_file_stat.stat.exists
- name: Remove docker repository
ini_file:
dest: /etc/yum.repos.d/amzn2-extras.repo
section: amzn2extra-docker
option: enabled
value: "0"
backup: yes
mode: 0644
when:
- ansible_distribution in ["Amazon"]
- amzn2_extras_file_stat.stat.exists
- not amzn2_extras_docker_repo.changed
- name: Add container-selinux yum repo
yum_repository:
name: copr:copr.fedorainfracloud.org:lsm5:container-selinux
file: _copr_lsm5-container-selinux.repo
description: Copr repo for container-selinux owned by lsm5
baseurl: https://download.copr.fedorainfracloud.org/results/lsm5/container-selinux/epel-7-$basearch/
gpgcheck: yes
gpgkey: https://download.copr.fedorainfracloud.org/results/lsm5/container-selinux/pubkey.gpg
skip_if_unavailable: yes
enabled: yes
repo_gpgcheck: no
when: ansible_distribution in ["Amazon"]
- name: Add CRI-O kubic yum repo
yum_repository:
name: devel_kubic_libcontainers_stable
description: Stable Releases of Upstream github.com/containers packages (CentOS_$releasever)
baseurl: http://{{ crio_download_base }}/CentOS_{{ ansible_distribution_major_version }}/
gpgcheck: yes
gpgkey: http://{{ crio_download_base }}/CentOS_{{ ansible_distribution_major_version }}/repodata/repomd.xml.key
keepcache: '0'
when:
- ansible_os_family == "RedHat"
- ansible_distribution not in ["Amazon", "Fedora"]
- name: Add CRI-O kubic yum repo
yum_repository:
name: "devel_kubic_libcontainers_stable_cri-o_{{ crio_version }}"
description: "CRI-O {{ crio_version }} (CentOS_$releasever)"
baseurl: "{{ crio_download_crio }}{{ crio_version }}/CentOS_{{ ansible_distribution_major_version }}/"
gpgcheck: yes
gpgkey: "{{ crio_download_crio }}{{ crio_version }}/CentOS_{{ ansible_distribution_major_version }}/repodata/repomd.xml.key"
when:
- ansible_os_family == "RedHat"
- ansible_distribution not in ["Amazon", "Fedora"]
- name: Add CRI-O kubic yum repo
yum_repository:
name: devel_kubic_libcontainers_stable
description: Stable Releases of Upstream github.com/containers packages
baseurl: http://{{ crio_download_base }}/CentOS_7/
gpgcheck: yes
gpgkey: http://{{ crio_download_base }}/CentOS_7/repodata/repomd.xml.key
keepcache: '0'
when: ansible_distribution in ["Amazon"]
- name: Add CRI-O kubic yum repo
yum_repository:
name: "devel_kubic_libcontainers_stable_cri-o_{{ crio_version }}"
description: "CRI-O {{ crio_version }}"
baseurl: "{{ crio_download_crio }}{{ crio_version }}/CentOS_7/"
gpgcheck: yes
gpgkey: "{{ crio_download_crio }}{{ crio_version }}/CentOS_7/repodata/repomd.xml.key"
when: ansible_distribution in ["Amazon"]
- name: Enable modular repos for CRI-O
ini_file:
path: "/etc/yum.repos.d/{{ item.repo }}.repo"
section: "{{ item.section }}"
option: enabled
value: 1
mode: 0644
become: true
when: is_ostree
loop:
- repo: "fedora-updates-modular"
section: "updates-modular"
- repo: "fedora-modular"
section: "fedora-modular"
- name: Enable CRI-O module
command: "dnf -y module enable cri-o:{{ crio_version }}"
args:
warn: False
register: crio_dnf_result
changed_when: "'Enabling' in crio_dnf_result.stdout"
become: true
when:
- ansible_distribution in ["Fedora"]
- not is_ostree