c12s-kubespray/roles/container-engine/containerd/tasks/containerd_repo.yml

---
- name: ensure containerd repository public key is installed
  action: "{{ containerd_repo_key_info.pkg_key }}"
  args:
    id: "{{ item }}"
    url: "{{ containerd_repo_key_info.url }}"
    state: present
  register: keyserver_task_result
  until: keyserver_task_result is succeeded
  retries: 4
  delay: "{{ retry_stagger | d(3) }}"
  with_items: "{{ containerd_repo_key_info.repo_keys }}"
  when:
    - ansible_os_family in ['Ubuntu', 'Debian']

- name: ensure containerd repository is enabled
  action: "{{ containerd_repo_info.pkg_repo }}"
  args:
    repo: "{{ item }}"
    state: present
  with_items: "{{ containerd_repo_info.repos }}"
  when:
    - ansible_os_family in ['Ubuntu', 'Debian']
    - containerd_repo_info.repos|length > 0

# This is required to ensure any apt upgrade will not break kubernetes
- name: Set containerd pin priority to apt_preferences on Debian family
  template:
    src: "apt_preferences.d/debian_containerd.j2"
    dest: "/etc/apt/preferences.d/containerd"
    owner: "root"
    mode: 0644
  when:
    - ansible_os_family in ['Ubuntu', 'Debian']

- name: Configure containerd repository on Fedora
  template:
    src: "fedora_containerd.repo.j2"
    dest: "{{ yum_repo_dir }}/containerd.repo"
  when: ansible_distribution == "Fedora"

- name: Configure containerd repository on RedHat/CentOS
  template:
    src: "rh_containerd.repo.j2"
    dest: "{{ yum_repo_dir }}/containerd.repo"
  when: ansible_distribution in ["CentOS","RedHat"]

- name: check if container-selinux is available
  yum:
    list: "container-selinux"
  register: yum_result
  when: ansible_distribution in ["CentOS","RedHat"]

- name: Configure extras repository on RedHat/CentOS if container-selinux is not available in current repos
  yum_repository:
    name: extras
    description: "CentOS-{{ ansible_distribution_major_version }} - Extras"
    state: present
    baseurl: "{{ extras_rh_repo_base_url }}"
    file: "extras"
    gpgcheck: "{{ 'yes' if extras_rh_repo_gpgkey else 'no' }}"
    gpgkey: "{{ extras_rh_repo_gpgkey }}"
    keepcache: "{{ containerd_rpm_keepcache | default('1') }}"
    proxy: " {{ http_proxy | default('_none_') }}"
  when:
    - ansible_distribution in ["CentOS","RedHat"]
    - yum_result.results | length == 0