mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2025-12-15 22:34:21 +03:00
0d4f57aa22
* Validate systemd unit files This ensure that we fail early if we have a bad systemd unit file (syntax error, using a version not available in the local version, etc) * Hack to check systemd version for service files validation factory-reset.target was introduced in system 250, same version as the aliasing feature we need for verifying systemd services with ansible. So we only actually executes the validation if that target is present. This is an horrible hack which should be reverted as soon as we drop support for distributions with systemd<250.
144 lines
4.4 KiB
YAML
144 lines
4.4 KiB
YAML
---
|
|
- name: Fail containerd setup if distribution is not supported
|
|
fail:
|
|
msg: "{{ ansible_distribution }} is not supported by containerd."
|
|
when:
|
|
- not (allow_unsupported_distribution_setup | default(false)) and (ansible_distribution not in containerd_supported_distributions)
|
|
|
|
- name: Containerd | Remove any package manager controlled containerd package
|
|
package:
|
|
name: "{{ containerd_package }}"
|
|
state: absent
|
|
when:
|
|
- not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
|
|
|
|
- name: Containerd | Remove containerd repository
|
|
file:
|
|
path: "{{ yum_repo_dir }}/containerd.repo"
|
|
state: absent
|
|
when:
|
|
- ansible_os_family in ['RedHat']
|
|
|
|
- name: Containerd | Remove containerd repository
|
|
apt_repository:
|
|
repo: "{{ item }}"
|
|
state: absent
|
|
with_items: "{{ containerd_repo_info.repos }}"
|
|
when: ansible_pkg_mgr == 'apt'
|
|
|
|
- name: Containerd | Download containerd
|
|
include_tasks: "../../../download/tasks/download_file.yml"
|
|
vars:
|
|
download: "{{ download_defaults | combine(downloads.containerd) }}"
|
|
|
|
- name: Containerd | Unpack containerd archive
|
|
unarchive:
|
|
src: "{{ downloads.containerd.dest }}"
|
|
dest: "{{ containerd_bin_dir }}"
|
|
mode: 0755
|
|
remote_src: yes
|
|
extra_opts:
|
|
- --strip-components=1
|
|
notify: Restart containerd
|
|
|
|
- name: Containerd | Remove orphaned binary
|
|
file:
|
|
path: "/usr/bin/{{ item }}"
|
|
state: absent
|
|
when:
|
|
- containerd_bin_dir != "/usr/bin"
|
|
- not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
|
|
ignore_errors: true # noqa ignore-errors
|
|
with_items:
|
|
- containerd
|
|
- containerd-shim
|
|
- containerd-shim-runc-v1
|
|
- containerd-shim-runc-v2
|
|
- ctr
|
|
|
|
- name: Containerd | Generate systemd service for containerd
|
|
template:
|
|
src: containerd.service.j2
|
|
dest: /etc/systemd/system/containerd.service
|
|
mode: 0644
|
|
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:containerd.service'"
|
|
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
|
|
# Remove once we drop support for systemd < 250
|
|
notify: Restart containerd
|
|
|
|
- name: Containerd | Ensure containerd directories exist
|
|
file:
|
|
dest: "{{ item }}"
|
|
state: directory
|
|
mode: 0755
|
|
owner: root
|
|
group: root
|
|
with_items:
|
|
- "{{ containerd_systemd_dir }}"
|
|
- "{{ containerd_cfg_dir }}"
|
|
- "{{ containerd_storage_dir }}"
|
|
- "{{ containerd_state_dir }}"
|
|
|
|
- name: Containerd | Write containerd proxy drop-in
|
|
template:
|
|
src: http-proxy.conf.j2
|
|
dest: "{{ containerd_systemd_dir }}/http-proxy.conf"
|
|
mode: 0644
|
|
notify: Restart containerd
|
|
when: http_proxy is defined or https_proxy is defined
|
|
|
|
- name: Containerd | Generate default base_runtime_spec
|
|
register: ctr_oci_spec
|
|
command: "{{ containerd_bin_dir }}/ctr oci spec"
|
|
check_mode: false
|
|
changed_when: false
|
|
|
|
- name: Containerd | Store generated default base_runtime_spec
|
|
set_fact:
|
|
containerd_default_base_runtime_spec: "{{ ctr_oci_spec.stdout | from_json }}"
|
|
|
|
- name: Containerd | Write base_runtime_specs
|
|
copy:
|
|
content: "{{ item.value }}"
|
|
dest: "{{ containerd_cfg_dir }}/{{ item.key }}"
|
|
owner: "root"
|
|
mode: 0644
|
|
with_dict: "{{ containerd_base_runtime_specs | default({}) }}"
|
|
notify: Restart containerd
|
|
|
|
- name: Containerd | Copy containerd config file
|
|
template:
|
|
src: config.toml.j2
|
|
dest: "{{ containerd_cfg_dir }}/config.toml"
|
|
owner: "root"
|
|
mode: 0640
|
|
notify: Restart containerd
|
|
|
|
- name: Containerd | Configure containerd registries
|
|
when: containerd_registries_mirrors is defined
|
|
block:
|
|
- name: Containerd | Create registry directories
|
|
file:
|
|
path: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}"
|
|
state: directory
|
|
mode: 0755
|
|
loop: "{{ containerd_registries_mirrors }}"
|
|
- name: Containerd | Write hosts.toml file
|
|
template:
|
|
src: hosts.toml.j2
|
|
dest: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}/hosts.toml"
|
|
mode: 0640
|
|
loop: "{{ containerd_registries_mirrors }}"
|
|
|
|
# you can sometimes end up in a state where everything is installed
|
|
# but containerd was not started / enabled
|
|
- name: Containerd | Flush handlers
|
|
meta: flush_handlers
|
|
|
|
- name: Containerd | Ensure containerd is started and enabled
|
|
systemd:
|
|
name: containerd
|
|
daemon_reload: yes
|
|
enabled: yes
|
|
state: started
|