c12s-kubespray/roles/download/tasks/prep_download.yml
Cristian Calin 7516fe142f
Move to Ansible 3.4.0 (#7672)
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10

* Docs: add a note about ansible upgrade post 2.9.x

* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures

* Ansible: use newer ansible-lint

* Fix ansible-lint 5.0.11 found issues

* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests

* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+

* Pin ansible-base to 2.10.11 to get package fix on RHEL8
2021-07-12 00:00:47 -07:00

118 lines
4.2 KiB
YAML

---
- name: prep_download | Set a few facts
set_fact:
download_force_cache: "{{ true if download_run_once else download_force_cache }}"
tags:
- facts
# The docker image_info_command might seems weird but we are using raw/endraw and `{{ `{{` }}` to manage the double jinja2 processing
# done here and when `image_info_command` is used (first the raw/endraw allow to store the command, then the second processing replace `{{`
- name: prep_download | Set image pull/info command for docker
set_fact:
image_pull_command: "{{ docker_bin_dir }}/docker pull"
image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs -i {{ '{{' }} docker_bin_dir }}/docker inspect -f {% raw %}'{{ '{{' }} if .RepoTags }}{{ '{{' }} join .RepoTags \",\" }}{{ '{{' }} end }}{{ '{{' }} if .RepoDigests }},{{ '{{' }} join .RepoDigests \",\" }}{{ '{{' }} end }}' {% endraw %} {} | tr '\n' ','"
when: container_manager == 'docker'
- name: prep_download | Set image pull/info command for containerd and crio
set_fact:
image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','"
image_pull_command: "{{ bin_dir }}/crictl pull"
when: container_manager in ['crio' ,'containerd']
- name: prep_download | Set image pull/info command for docker on localhost
set_fact:
image_pull_command_on_localhost: "{{ docker_bin_dir }}/docker pull"
image_info_command_on_localhost: "{{ docker_bin_dir }}/docker images"
when: container_manager_on_localhost == 'docker'
- name: prep_download | Set image pull/info command for containerd and crio on localhost
set_fact:
image_info_command_on_localhost: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','"
image_pull_command_on_localhost: "{{ bin_dir }}/crictl pull"
when: container_manager_on_localhost in ['crio' ,'containerd']
- name: prep_download | On localhost, check if passwordless root is possible
command: "true"
delegate_to: localhost
connection: local
run_once: true
register: test_become
changed_when: false
ignore_errors: true # noqa ignore-errors
become: true
when:
- download_localhost
tags:
- localhost
- asserts
- name: prep_download | On localhost, check if user has access to the container runtime without using sudo
shell: "{{ image_info_command_on_localhost }}" # noqa 305 image_info_command_on_localhost contains pipe, therefore requires shell
delegate_to: localhost
connection: local
run_once: true
register: test_docker
changed_when: false
ignore_errors: true # noqa ignore-errors
become: false
when:
- download_localhost
tags:
- localhost
- asserts
- name: prep_download | Parse the outputs of the previous commands
set_fact:
user_in_docker_group: "{{ not test_docker.failed }}"
user_can_become_root: "{{ not test_become.failed }}"
when:
- download_localhost
tags:
- localhost
- asserts
- name: prep_download | Check that local user is in group or can become root
assert:
that: "user_in_docker_group or user_can_become_root"
msg: >-
Error: User is not in docker group and cannot become root. When download_localhost is true, at least one of these two conditions must be met.
when:
- download_localhost
tags:
- localhost
- asserts
- name: prep_download | Register docker images info
shell: "{{ image_info_command }}" # noqa 305 image_info_command contains pipe therefore requires shell
no_log: true
register: docker_images
failed_when: false
changed_when: false
check_mode: no
when: download_container
- name: prep_download | Create staging directory on remote node
file:
path: "{{ local_release_dir }}/images"
state: directory
recurse: yes
mode: 0755
owner: "{{ ansible_ssh_user | default(ansible_user_id) }}"
when:
- ansible_os_family not in ["Flatcar Container Linux by Kinvolk"]
- name: prep_download | Create local cache for files and images on control node
file:
path: "{{ download_cache_dir }}/images"
state: directory
recurse: yes
mode: 0755
delegate_to: localhost
connection: local
delegate_facts: no
run_once: true
become: false
when:
- download_force_cache
tags:
- localhost