c12s-kubespray/roles/download/tasks/prep_download.yml
Choi Yongbeom 24f1402a14
nerdctl insecure registry config (#8339)
* Update prep_download.yml

nerdctl insecure registry config

* Update prep_download.yml

* Update prep_download.yml

apply conversations advice

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update main.yml

* Update main.yml

* Update prep_download.yml

* Update prep_download.yml
2022-01-05 01:14:33 -08:00

130 lines
5 KiB
YAML

---
- name: prep_download | Set a few facts
set_fact:
download_force_cache: "{{ true if download_run_once else download_force_cache }}"
tags:
- facts
# The docker image_info_command might seems weird but we are using raw/endraw and `{{ `{{` }}` to manage the double jinja2 processing
# done here and when `image_info_command` is used (first the raw/endraw allow to store the command, then the second processing replace `{{`
- name: prep_download | Set image pull/info command for docker
set_fact:
image_pull_command: "{{ docker_bin_dir }}/docker pull"
image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs -i {{ '{{' }} docker_bin_dir }}/docker inspect -f {% raw %}'{{ '{{' }} if .RepoTags }}{{ '{{' }} join .RepoTags \",\" }}{{ '{{' }} end }}{{ '{{' }} if .RepoDigests }},{{ '{{' }} join .RepoDigests \",\" }}{{ '{{' }} end }}' {% endraw %} {} | tr '\n' ','"
when: container_manager == 'docker'
- name: prep_download | Set image pull/info command for containerd
set_fact:
image_info_command: "{{ bin_dir }}/nerdctl -n k8s.io images --format '{% raw %}{{ '{{' }} .Repository {{ '}}' }}:{{ '{{' }} .Tag {{ '}}' }}{% endraw %}' 2>/dev/null | grep -v ^:$ | tr '\n' ','"
image_pull_command: "{{ bin_dir }}/nerdctl -n k8s.io pull --quiet{{ nerdctl_extra_flags }}"
when: container_manager == 'containerd'
- name: prep_download | Set image pull/info command for crio
set_fact:
image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','"
image_pull_command: "{{ bin_dir }}/crictl pull"
when: container_manager == 'crio'
- name: prep_download | Set image pull/info command for docker on localhost
set_fact:
image_pull_command_on_localhost: "{{ docker_bin_dir }}/docker pull"
image_info_command_on_localhost: "{{ docker_bin_dir }}/docker images"
when: container_manager_on_localhost == 'docker'
- name: prep_download | Set image pull/info command for containerd on localhost
set_fact:
image_info_command_on_localhost: "{{ bin_dir }}/nerdctl -n k8s.io images --format '{% raw %}{{ '{{' }} .Repository {{ '}}' }}:{{ '{{' }} .Tag {{ '}}' }}{% endraw %}' 2>/dev/null | grep -v ^:$ | tr '\n' ','"
image_pull_command_on_localhost: "{{ bin_dir }}/nerdctl -n k8s.io pull --quiet{{ nerdctl_extra_flags }}"
when: container_manager_on_localhost == 'containerd'
- name: prep_download | Set image pull/info command for crio on localhost
set_fact:
image_info_command_on_localhost: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','"
image_pull_command_on_localhost: "{{ bin_dir }}/crictl pull"
when: container_manager_on_localhost == 'crio'
- name: prep_download | On localhost, check if passwordless root is possible
command: "true"
delegate_to: localhost
connection: local
run_once: true
register: test_become
changed_when: false
ignore_errors: true # noqa ignore-errors
become: true
when:
- download_localhost
tags:
- localhost
- asserts
- name: prep_download | On localhost, check if user has access to the container runtime without using sudo
shell: "{{ image_info_command_on_localhost }}" # noqa 305 image_info_command_on_localhost contains pipe, therefore requires shell
delegate_to: localhost
connection: local
run_once: true
register: test_docker
changed_when: false
ignore_errors: true # noqa ignore-errors
become: false
when:
- download_localhost
tags:
- localhost
- asserts
- name: prep_download | Parse the outputs of the previous commands
set_fact:
user_in_docker_group: "{{ not test_docker.failed }}"
user_can_become_root: "{{ not test_become.failed }}"
when:
- download_localhost
tags:
- localhost
- asserts
- name: prep_download | Check that local user is in group or can become root
assert:
that: "user_in_docker_group or user_can_become_root"
msg: >-
Error: User is not in docker group and cannot become root. When download_localhost is true, at least one of these two conditions must be met.
when:
- download_localhost
tags:
- localhost
- asserts
- name: prep_download | Register docker images info
shell: "{{ image_info_command }}" # noqa 305 image_info_command contains pipe therefore requires shell
no_log: true
register: docker_images
failed_when: false
changed_when: false
check_mode: no
when: download_container
- name: prep_download | Create staging directory on remote node
file:
path: "{{ local_release_dir }}/images"
state: directory
recurse: yes
mode: 0755
owner: "{{ ansible_ssh_user | default(ansible_user_id) }}"
when:
- ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
- name: prep_download | Create local cache for files and images on control node
file:
path: "{{ download_cache_dir }}/images"
state: directory
recurse: yes
mode: 0755
delegate_to: localhost
connection: local
delegate_facts: no
run_once: true
become: false
when:
- download_force_cache
tags:
- localhost