12c6b5c3eb
* Vagrantfile: Bump openSUSE to Leap 15.0 * roles: container-engine: Add 'containerd' package for openSUSE The 'containerd' package contains the docker-containerd and docker-containerd-shim binaries. We also need to ensure that the latest version is installed since an older version may already be present (eg GCE images) * Remove docker log-opts for opensuse * roles: bootstrap-os: Use lowercase 'o' for openSUSE OpenSUSE is not a valid family name. The correct one is openSUSE * roles: bootstrap-os: Update zypper cache before first installation The zypper cache may be outdated so ensure that it's fully updated before we try and install the bootstrap packages.
248 lines
8.6 KiB
YAML
248 lines
8.6 KiB
YAML
---
|
|
- name: check if atomic host
|
|
stat:
|
|
path: /run/ostree-booted
|
|
register: ostree
|
|
|
|
- set_fact:
|
|
is_atomic: "{{ ostree.stat.exists }}"
|
|
|
|
- name: gather os specific variables
|
|
include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- files:
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}-{{ host_architecture }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ host_architecture }}.yml"
|
|
- "{{ ansible_distribution|lower }}.yml"
|
|
- "{{ ansible_os_family|lower }}-{{ host_architecture }}.yml"
|
|
- "{{ ansible_os_family|lower }}.yml"
|
|
- defaults.yml
|
|
paths:
|
|
- ../vars
|
|
skip: true
|
|
tags:
|
|
- facts
|
|
|
|
# https://yum.dockerproject.org/repo/main/opensuse/ contains packages for an EOL
|
|
# openSUSE version so we can't use it. The only alternative is to use the docker
|
|
# packages from the distribution repositories.
|
|
- name: Warn about Docker version on SUSE
|
|
debug:
|
|
msg: "SUSE distributions always install Docker from the distro repos"
|
|
when: ansible_pkg_mgr == 'zypper'
|
|
|
|
- include_tasks: set_facts_dns.yml
|
|
when: dns_mode != 'none' and resolvconf_mode == 'docker_dns'
|
|
tags:
|
|
- facts
|
|
|
|
- name: check for minimum kernel version
|
|
fail:
|
|
msg: >
|
|
docker requires a minimum kernel version of
|
|
{{ docker_kernel_min_version }} on
|
|
{{ ansible_distribution }}-{{ ansible_distribution_version }}
|
|
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux"]) and (ansible_kernel is version(docker_kernel_min_version, "<"))
|
|
tags:
|
|
- facts
|
|
|
|
- import_tasks: pre-upgrade.yml
|
|
|
|
- name: ensure docker-ce repository public key is installed
|
|
action: "{{ docker_repo_key_info.pkg_key }}"
|
|
args:
|
|
id: "{{item}}"
|
|
url: "{{docker_repo_key_info.url}}"
|
|
state: present
|
|
register: keyserver_task_result
|
|
until: keyserver_task_result is succeeded
|
|
retries: 4
|
|
delay: "{{ retry_stagger | d(3) }}"
|
|
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic)
|
|
|
|
- name: ensure docker-ce repository is enabled
|
|
action: "{{ docker_repo_info.pkg_repo }}"
|
|
args:
|
|
repo: "{{item}}"
|
|
state: present
|
|
with_items: "{{ docker_repo_info.repos }}"
|
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (docker_repo_info.repos|length > 0)
|
|
|
|
- name: ensure docker-engine repository public key is installed
|
|
action: "{{ dockerproject_repo_key_info.pkg_key }}"
|
|
args:
|
|
id: "{{item}}"
|
|
url: "{{dockerproject_repo_key_info.url}}"
|
|
state: present
|
|
register: keyserver_task_result
|
|
until: keyserver_task_result is succeeded
|
|
retries: 4
|
|
delay: "{{ retry_stagger | d(3) }}"
|
|
with_items: "{{ dockerproject_repo_key_info.repo_keys }}"
|
|
when:
|
|
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic)
|
|
- use_docker_engine is defined and use_docker_engine
|
|
|
|
- name: ensure docker-engine repository is enabled
|
|
action: "{{ dockerproject_repo_info.pkg_repo }}"
|
|
args:
|
|
repo: "{{item}}"
|
|
state: present
|
|
with_items: "{{ dockerproject_repo_info.repos }}"
|
|
when:
|
|
- use_docker_engine is defined and use_docker_engine
|
|
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (dockerproject_repo_info.repos|length > 0)
|
|
|
|
- name: Configure docker repository on Fedora
|
|
template:
|
|
src: "fedora_docker.repo.j2"
|
|
dest: "{{ yum_repo_dir }}/docker.repo"
|
|
when: ansible_distribution == "Fedora" and not is_atomic
|
|
|
|
- name: Configure docker repository on RedHat/CentOS
|
|
template:
|
|
src: "rh_docker.repo.j2"
|
|
dest: "{{ yum_repo_dir }}/docker.repo"
|
|
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
|
|
|
- name: check if container-selinux is available
|
|
yum:
|
|
list: "container-selinux"
|
|
register: yum_result
|
|
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
|
|
|
- name: Configure extras repository on RedHat/CentOS if container-selinux is not available in current repos
|
|
yum_repository:
|
|
name: extras
|
|
description: "CentOS-7 - Extras"
|
|
state: present
|
|
baseurl: "{{ extras_rh_repo_base_url }}"
|
|
file: "extras"
|
|
gpgcheck: yes
|
|
gpgkey: "{{extras_rh_repo_gpgkey}}"
|
|
keepcache: "{{ docker_rpm_keepcache | default('1') }}"
|
|
proxy: " {{ http_proxy | default('_none_') }}"
|
|
when:
|
|
- ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
|
- yum_result.results | length == 0
|
|
|
|
- name: Copy yum.conf for editing
|
|
copy:
|
|
src: "{{ yum_conf }}"
|
|
dest: "{{ docker_yum_conf }}"
|
|
remote_src: yes
|
|
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
|
|
|
- name: Edit copy of yum.conf to set obsoletes=0
|
|
lineinfile:
|
|
path: "{{ docker_yum_conf }}"
|
|
state: present
|
|
regexp: '^obsoletes='
|
|
line: 'obsoletes=0'
|
|
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
|
|
|
- name: ensure docker packages are installed
|
|
action: "{{ docker_package_info.pkg_mgr }}"
|
|
args:
|
|
pkg: "{{item.name}}"
|
|
force: "{{item.force|default(omit)}}"
|
|
conf_file: "{{item.yum_conf|default(omit)}}"
|
|
state: "{{item.state | default('present')}}"
|
|
update_cache: "{{ omit if ansible_distribution == 'Fedora' else True }}"
|
|
register: docker_task_result
|
|
until: docker_task_result is succeeded
|
|
retries: 4
|
|
delay: "{{ retry_stagger | d(3) }}"
|
|
with_items: "{{ docker_package_info.pkgs }}"
|
|
notify: restart docker
|
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux"] or is_atomic) and (docker_package_info.pkgs|length > 0)
|
|
ignore_errors: true
|
|
|
|
- name: Ensure docker packages are installed
|
|
action: "{{ docker_package_info.pkg_mgr }}"
|
|
args:
|
|
name: "{{ item.name }}"
|
|
state: "{{item.state | default('present')}}"
|
|
with_items: "{{ docker_package_info.pkgs }}"
|
|
register: docker_task_result
|
|
until: docker_task_result is succeeded
|
|
retries: 4
|
|
delay: "{{ retry_stagger | d(3) }}"
|
|
notify: restart docker
|
|
ignore_errors: true
|
|
when: ansible_os_family in ["ClearLinux"]
|
|
|
|
- name: get available packages on Ubuntu
|
|
command: apt-cache policy docker-ce
|
|
when:
|
|
- docker_task_result is failed
|
|
- ansible_distribution == 'Ubuntu'
|
|
register: available_packages
|
|
|
|
- name: show available packages on ubuntu
|
|
fail:
|
|
msg: "{{available_packages}}"
|
|
when:
|
|
- docker_task_result is failed
|
|
- ansible_distribution == 'Ubuntu'
|
|
|
|
# This is required to ensure any apt upgrade will not break kubernetes
|
|
- name: Set docker pin priority to apt_preferences on Debian family
|
|
template:
|
|
src: "apt_preferences.d/debian_docker.j2"
|
|
dest: "/etc/apt/preferences.d/docker"
|
|
owner: "root"
|
|
mode: 0644
|
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux", "RedHat", "Suse"] or is_atomic)
|
|
|
|
- name: ensure docker started, remove our config if docker start failed and try again
|
|
block:
|
|
- name: ensure service is started if docker packages are already present
|
|
service:
|
|
name: docker
|
|
state: started
|
|
when: docker_task_result is not changed
|
|
rescue:
|
|
- debug:
|
|
msg: "Docker start failed. Try to remove our config"
|
|
- name: remove kubespray generated config
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- /etc/systemd/system/docker.service.d/http-proxy.conf
|
|
- /etc/systemd/system/docker.service.d/docker-options.conf
|
|
- /etc/systemd/system/docker.service.d/docker-dns.conf
|
|
- /etc/systemd/system/docker.service.d/docker-orphan-cleanup.conf
|
|
notify: restart docker
|
|
|
|
- name: flush handlers so we can wait for docker to come up
|
|
meta: flush_handlers
|
|
|
|
- name: set fact for docker_version
|
|
command: "docker version -f '{{ '{{' }}.Client.Version{{ '}}' }}'"
|
|
register: installed_docker_version
|
|
changed_when: false
|
|
|
|
- name: check minimum docker version for docker_dns mode. You need at least docker version >= 1.12 for resolvconf_mode=docker_dns
|
|
fail:
|
|
msg: "You need at least docker version >= 1.12 for resolvconf_mode=docker_dns"
|
|
when: >
|
|
dns_mode != 'none' and
|
|
resolvconf_mode == 'docker_dns' and
|
|
installed_docker_version.stdout is version('1.12', '<')
|
|
|
|
- name: Set docker systemd config
|
|
import_tasks: systemd.yml
|
|
|
|
- name: ensure docker service is started and enabled
|
|
service:
|
|
name: "{{ item }}"
|
|
enabled: yes
|
|
state: started
|
|
with_items:
|
|
- docker
|