c39638a148
The compute-kit jobs are used to test new images which are published to buildset registry. We have to configure containerd which is used for multinode compute-kit jobs to use this buildset registry. The role use-buildset-registry that we used before does not properly configure containerd. So we extended deploy-docker playbook to configure both buildset registry and registry mirror if they are defined. Change-Id: Idb892a3fcaf51385998d466dbdff8de36d9dd338
151 lines
4.6 KiB
YAML
151 lines
4.6 KiB
YAML
- hosts: all
|
|
become: true
|
|
gather_facts: true
|
|
tasks:
|
|
- name: Remove old docker packages
|
|
apt:
|
|
pkg:
|
|
- docker.io
|
|
- docker-doc
|
|
- docker-compose
|
|
- podman-docker
|
|
- containerd
|
|
- runc
|
|
state: absent
|
|
|
|
- name: Ensure dependencies are installed
|
|
apt:
|
|
name:
|
|
- apt-transport-https
|
|
- ca-certificates
|
|
- gnupg2
|
|
state: present
|
|
|
|
- name: Add Docker apt repository key
|
|
apt_key:
|
|
url: https://download.docker.com/linux/ubuntu/gpg
|
|
keyring: /etc/apt/trusted.gpg.d/docker.gpg
|
|
state: present
|
|
|
|
- name: Get dpkg arch
|
|
command: dpkg --print-architecture
|
|
register: dpkg_architecture
|
|
|
|
- name: Add Docker apt repository
|
|
apt_repository:
|
|
repo: deb [arch="{{ dpkg_architecture.stdout }}" signed-by=/etc/apt/trusted.gpg.d/docker.gpg] https://download.docker.com/linux/ubuntu "{{ ansible_distribution_release }}" stable
|
|
state: present
|
|
filename: docker.list
|
|
|
|
- name: Install docker packages
|
|
apt:
|
|
pkg:
|
|
- docker-ce
|
|
- docker-ce-cli
|
|
- containerd.io
|
|
- docker-buildx-plugin
|
|
- docker-compose-plugin
|
|
state: present
|
|
update_cache: true
|
|
|
|
- name: Install Crictl
|
|
shell: |
|
|
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/{{crictl_version}}/crictl-{{crictl_version}}-linux-amd64.tar.gz
|
|
sudo tar zxvf crictl-{{crictl_version}}-linux-amd64.tar.gz -C /usr/local/bin
|
|
rm -f crictl-{{crictl_version}}-linux-amd64.tar.gz
|
|
args:
|
|
executable: /bin/bash
|
|
|
|
- name: Configure Docker daemon
|
|
copy:
|
|
src: files/daemon.json
|
|
dest: /etc/docker/daemon.json
|
|
|
|
- name: Restart docker
|
|
service:
|
|
name: docker
|
|
daemon_reload: yes
|
|
state: restarted
|
|
|
|
- name: Set mirror_fqdn fact
|
|
when:
|
|
- registry_mirror is not defined
|
|
- zuul_site_mirror_fqdn is defined
|
|
set_fact:
|
|
registry_mirror: "http://{{ zuul_site_mirror_fqdn }}:8082"
|
|
|
|
- name: Set regitstry namespaces
|
|
set_fact:
|
|
registry_namespaces:
|
|
- namespace: "_default"
|
|
mirror: "{{ registry_mirror }}"
|
|
skip_server: true
|
|
skip_verify: true
|
|
when: registry_mirror is defined
|
|
|
|
- name: Buildset registry namespace
|
|
when: buildset_registry is defined
|
|
block:
|
|
- name: Buildset registry alias
|
|
include_tasks:
|
|
file: buildset_registry_alias.yaml
|
|
|
|
- name: Write buildset registry TLS certificate
|
|
copy:
|
|
content: "{{ buildset_registry.cert }}"
|
|
dest: "/usr/local/share/ca-certificates/{{ buildset_registry_alias }}.crt"
|
|
mode: 0644
|
|
register: buildset_registry_tls_ca
|
|
|
|
- name: Update CA certs
|
|
command: "update-ca-certificates"
|
|
when: buildset_registry_tls_ca is changed
|
|
|
|
- name: Set buildset registry namespace
|
|
set_fact:
|
|
buildset_registry_namespace:
|
|
namespace: '{{ buildset_registry_alias }}:{{ buildset_registry.port }}'
|
|
mirror: 'https://{{ buildset_registry_alias }}:{{ buildset_registry.port }}'
|
|
ca: "/usr/local/share/ca-certificates/{{ buildset_registry_alias }}.crt"
|
|
auth: "{{ (buildset_registry.username + ':' + buildset_registry.password) | b64encode }}"
|
|
|
|
- name: Init registry_namespaces if not defined
|
|
set_fact:
|
|
registry_namespaces: "[]"
|
|
when: not registry_namespaces is defined
|
|
|
|
- name: Append buildset_registry to registry namespaces
|
|
when:
|
|
- buildset_registry_namespace is defined
|
|
- registry_namespaces is defined
|
|
set_fact:
|
|
registry_namespaces: "{{ registry_namespaces + [ buildset_registry_namespace ] }}"
|
|
|
|
- name: Configure containerd
|
|
template:
|
|
src: files/containerd_config.toml
|
|
dest: /etc/containerd/config.toml
|
|
|
|
- name: Create containerd config directory hierarchy
|
|
file:
|
|
state: directory
|
|
path: /etc/containerd/certs.d
|
|
|
|
- name: Create host namespace directory
|
|
file:
|
|
state: directory
|
|
path: "/etc/containerd/certs.d/{{ item.namespace }}"
|
|
loop: "{{ registry_namespaces }}"
|
|
|
|
- name: Create hosts.toml file
|
|
template:
|
|
src: files/hosts.toml
|
|
dest: "/etc/containerd/certs.d/{{ item.namespace }}/hosts.toml"
|
|
loop: "{{ registry_namespaces }}"
|
|
|
|
- name: Restart containerd
|
|
service:
|
|
name: containerd
|
|
daemon_reload: yes
|
|
state: restarted
|