7516fe142f
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10 * Docs: add a note about ansible upgrade post 2.9.x * CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures * Ansible: use newer ansible-lint * Fix ansible-lint 5.0.11 found issues * syntax issues * risky-file-permissions * var-naming * role-name * molecule tests * Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+ * Pin ansible-base to 2.10.11 to get package fix on RHEL8
118 lines
4.2 KiB
YAML
118 lines
4.2 KiB
YAML
---
|
|
- name: prep_download | Set a few facts
|
|
set_fact:
|
|
download_force_cache: "{{ true if download_run_once else download_force_cache }}"
|
|
tags:
|
|
- facts
|
|
|
|
# The docker image_info_command might seems weird but we are using raw/endraw and `{{ `{{` }}` to manage the double jinja2 processing
|
|
# done here and when `image_info_command` is used (first the raw/endraw allow to store the command, then the second processing replace `{{`
|
|
- name: prep_download | Set image pull/info command for docker
|
|
set_fact:
|
|
image_pull_command: "{{ docker_bin_dir }}/docker pull"
|
|
image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs -i {{ '{{' }} docker_bin_dir }}/docker inspect -f {% raw %}'{{ '{{' }} if .RepoTags }}{{ '{{' }} join .RepoTags \",\" }}{{ '{{' }} end }}{{ '{{' }} if .RepoDigests }},{{ '{{' }} join .RepoDigests \",\" }}{{ '{{' }} end }}' {% endraw %} {} | tr '\n' ','"
|
|
when: container_manager == 'docker'
|
|
|
|
- name: prep_download | Set image pull/info command for containerd and crio
|
|
set_fact:
|
|
image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','"
|
|
image_pull_command: "{{ bin_dir }}/crictl pull"
|
|
when: container_manager in ['crio' ,'containerd']
|
|
|
|
- name: prep_download | Set image pull/info command for docker on localhost
|
|
set_fact:
|
|
image_pull_command_on_localhost: "{{ docker_bin_dir }}/docker pull"
|
|
image_info_command_on_localhost: "{{ docker_bin_dir }}/docker images"
|
|
when: container_manager_on_localhost == 'docker'
|
|
|
|
- name: prep_download | Set image pull/info command for containerd and crio on localhost
|
|
set_fact:
|
|
image_info_command_on_localhost: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','"
|
|
image_pull_command_on_localhost: "{{ bin_dir }}/crictl pull"
|
|
when: container_manager_on_localhost in ['crio' ,'containerd']
|
|
|
|
- name: prep_download | On localhost, check if passwordless root is possible
|
|
command: "true"
|
|
delegate_to: localhost
|
|
connection: local
|
|
run_once: true
|
|
register: test_become
|
|
changed_when: false
|
|
ignore_errors: true # noqa ignore-errors
|
|
become: true
|
|
when:
|
|
- download_localhost
|
|
tags:
|
|
- localhost
|
|
- asserts
|
|
|
|
- name: prep_download | On localhost, check if user has access to the container runtime without using sudo
|
|
shell: "{{ image_info_command_on_localhost }}" # noqa 305 image_info_command_on_localhost contains pipe, therefore requires shell
|
|
delegate_to: localhost
|
|
connection: local
|
|
run_once: true
|
|
register: test_docker
|
|
changed_when: false
|
|
ignore_errors: true # noqa ignore-errors
|
|
become: false
|
|
when:
|
|
- download_localhost
|
|
tags:
|
|
- localhost
|
|
- asserts
|
|
|
|
- name: prep_download | Parse the outputs of the previous commands
|
|
set_fact:
|
|
user_in_docker_group: "{{ not test_docker.failed }}"
|
|
user_can_become_root: "{{ not test_become.failed }}"
|
|
when:
|
|
- download_localhost
|
|
tags:
|
|
- localhost
|
|
- asserts
|
|
|
|
- name: prep_download | Check that local user is in group or can become root
|
|
assert:
|
|
that: "user_in_docker_group or user_can_become_root"
|
|
msg: >-
|
|
Error: User is not in docker group and cannot become root. When download_localhost is true, at least one of these two conditions must be met.
|
|
when:
|
|
- download_localhost
|
|
tags:
|
|
- localhost
|
|
- asserts
|
|
|
|
- name: prep_download | Register docker images info
|
|
shell: "{{ image_info_command }}" # noqa 305 image_info_command contains pipe therefore requires shell
|
|
no_log: true
|
|
register: docker_images
|
|
failed_when: false
|
|
changed_when: false
|
|
check_mode: no
|
|
when: download_container
|
|
|
|
- name: prep_download | Create staging directory on remote node
|
|
file:
|
|
path: "{{ local_release_dir }}/images"
|
|
state: directory
|
|
recurse: yes
|
|
mode: 0755
|
|
owner: "{{ ansible_ssh_user | default(ansible_user_id) }}"
|
|
when:
|
|
- ansible_os_family not in ["Flatcar Container Linux by Kinvolk"]
|
|
|
|
- name: prep_download | Create local cache for files and images on control node
|
|
file:
|
|
path: "{{ download_cache_dir }}/images"
|
|
state: directory
|
|
recurse: yes
|
|
mode: 0755
|
|
delegate_to: localhost
|
|
connection: local
|
|
delegate_facts: no
|
|
run_once: true
|
|
become: false
|
|
when:
|
|
- download_force_cache
|
|
tags:
|
|
- localhost
|