Merge "ansible-lint: Fix fqcn[action/action-core]"

Zuul
2025-12-03 08:01:23 +00:00
committed by Gerrit Code Review
31 changed files with 229 additions and 220 deletions


@@ -3,9 +3,6 @@ use_default_rules: true
skip_list: skip_list:
# Experimental # Experimental
- experimental - experimental
# Use FQCN
- fqcn[action]
- fqcn[action-core]
# Galaxy changelog and runtime defined # Galaxy changelog and runtime defined
- galaxy[no-changelog] - galaxy[no-changelog]
- galaxy[no-runtime] - galaxy[no-runtime]


@@ -1,5 +1,5 @@
--- ---
- include_tasks: remove-profile.yml - ansible.builtin.include_tasks: remove-profile.yml
when: when:
- ansible_facts.distribution == "Ubuntu" - ansible_facts.distribution == "Ubuntu"
- apparmor_remove_libvirt_profile | bool - apparmor_remove_libvirt_profile | bool


@@ -1,18 +1,19 @@
--- ---
- name: Get stat of libvirtd apparmor profile - name: Get stat of libvirtd apparmor profile
stat: ansible.builtin.stat:
path: /etc/apparmor.d/usr.sbin.libvirtd path: /etc/apparmor.d/usr.sbin.libvirtd
register: apparmor_libvirtd_profile register: apparmor_libvirtd_profile
- name: Get stat of libvirtd apparmor disable profile - name: Get stat of libvirtd apparmor disable profile
stat: ansible.builtin.stat:
path: /etc/apparmor.d/disable/usr.sbin.libvirtd path: /etc/apparmor.d/disable/usr.sbin.libvirtd
register: apparmor_libvirtd_disable_profile register: apparmor_libvirtd_disable_profile
- name: Remove apparmor profile for libvirt - name: Remove apparmor profile for libvirt
shell: | ansible.builtin.shell:
apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \ cmd: |
ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \
ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
args: args:
executable: /bin/bash executable: /bin/bash
become: true become: true
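Review bot: In the "Remove apparmor profile for libvirt" task, `executable: /bin/bash` is still passed through `args:` although the module arguments are now a mapping; it reads more consistently as a sibling of `cmd` under `ansible.builtin.shell:`, with the `args:` key dropped. The task also unloads and disables a mandatory-access-control profile for libvirtd without a comment saying why, so a short comment above it stating the reason would help anyone auditing the role. The task presumably continues past the end of this hunk, since the two registered stat results are not used in the visible lines.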


@@ -5,33 +5,33 @@
block: block:
- block: - block:
- name: Ensure apt sources list directory exists - name: Ensure apt sources list directory exists
file: ansible.builtin.file:
path: /etc/apt/sources.list.d path: /etc/apt/sources.list.d
state: directory state: directory
recurse: true recurse: true
- name: Ensure apt keyrings directory exists - name: Ensure apt keyrings directory exists
file: ansible.builtin.file:
path: /etc/apt/keyrings path: /etc/apt/keyrings
state: directory state: directory
recurse: true recurse: true
- name: Install ceph apt gpg key - name: Install ceph apt gpg key
get_url: ansible.builtin.get_url:
url: "{{ ceph_apt_key_file }}" url: "{{ ceph_apt_key_file }}"
dest: "/etc/apt/keyrings/ceph.gpg" dest: "/etc/apt/keyrings/ceph.gpg"
mode: "0644" mode: "0644"
force: true force: true
- name: Ensure old ceph repository absent - name: Ensure old ceph repository absent
file: ansible.builtin.file:
path: /etc/apt/sources.list.d/ceph.list path: /etc/apt/sources.list.d/ceph.list
state: absent state: absent
# TODO(mmalchuk): replace with ansible.builtin.deb822_repository module # TODO(mmalchuk): replace with ansible.builtin.deb822_repository module
# when all stable releases moves to the ansible-core >= 2.15 # when all stable releases moves to the ansible-core >= 2.15
- name: Enable ceph apt repository - name: Enable ceph apt repository
copy: ansible.builtin.copy:
dest: /etc/apt/sources.list.d/ceph.sources dest: /etc/apt/sources.list.d/ceph.sources
content: | content: |
# Ansible managed # Ansible managed
@@ -44,7 +44,7 @@
mode: "0644" mode: "0644"
- name: Install apt packages - name: Install apt packages
apt: ansible.builtin.apt:
name: "{{ ceph_apt_package }}" name: "{{ ceph_apt_package }}"
state: present state: present
update_cache: true update_cache: true
@@ -53,7 +53,7 @@
when: ansible_facts.os_family == 'RedHat' when: ansible_facts.os_family == 'RedHat'
block: block:
- name: Enable ceph yum repository - name: Enable ceph yum repository
yum_repository: ansible.builtin.yum_repository:
name: ceph name: ceph
description: Ceph main Repository description: Ceph main Repository
baseurl: "{{ ceph_yum_baseurl }}" baseurl: "{{ ceph_yum_baseurl }}"
@@ -61,19 +61,19 @@
gpgkey: "{{ ceph_yum_gpgkey }}" gpgkey: "{{ ceph_yum_gpgkey }}"
- name: Enable epel yum repository - name: Enable epel yum repository
package: ansible.builtin.package:
name: "{{ epel_yum_package }}" name: "{{ epel_yum_package }}"
state: present state: present
- name: Install ceph rpm gpg key - name: Install ceph rpm gpg key
rpm_key: ansible.builtin.rpm_key:
state: present state: present
key: "{{ ceph_yum_gpgkey }}" key: "{{ ceph_yum_gpgkey }}"
when: when:
- ceph_yum_gpgcheck | bool - ceph_yum_gpgcheck | bool
- name: Install RPM packages - name: Install RPM packages
package: ansible.builtin.package:
name: "{{ ceph_yum_package }}" name: "{{ ceph_yum_package }}"
state: present state: present
enablerepo: epel enablerepo: epel
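Review bot: The "Install ceph apt gpg key" task fetches the repository trust anchor with `ansible.builtin.get_url` and `force: true` but no `checksum`, so whatever `ceph_apt_key_file` serves at run time becomes the key apt trusts for this repository. Pinning it, e.g. `checksum: "sha256:<pinned digest of the key file>"`, would make a swapped or tampered key fail the play instead of being installed. The yum path has the same gap: `ansible.builtin.rpm_key` imports `ceph_yum_gpgkey` without `fingerprint: "<expected key fingerprint>"`. The docker key tasks in the Debian and RedHat docker repo sections of this commit follow the same pattern.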


@@ -5,7 +5,7 @@
- name: Set firewall default policy - name: Set firewall default policy
# noqa ignore-errors # noqa ignore-errors
become: true become: true
ufw: community.general.ufw:
state: disabled state: disabled
policy: allow policy: allow
when: ansible_facts.os_family == 'Debian' when: ansible_facts.os_family == 'Debian'
@@ -13,7 +13,8 @@
- name: Check if firewalld is installed - name: Check if firewalld is installed
# noqa command-instead-of-module # noqa command-instead-of-module
command: rpm -q firewalld ansible.builtin.command:
cmd: rpm -q firewalld
register: firewalld_check register: firewalld_check
changed_when: false changed_when: false
failed_when: firewalld_check.rc > 1 failed_when: firewalld_check.rc > 1
@@ -21,7 +22,7 @@
- name: Disable firewalld - name: Disable firewalld
become: true become: true
service: ansible.builtin.service:
name: "{{ item }}" name: "{{ item }}"
enabled: false enabled: false
state: stopped state: stopped
@@ -31,8 +32,8 @@
- ansible_facts.os_family == 'RedHat' - ansible_facts.os_family == 'RedHat'
- firewalld_check.rc == 0 - firewalld_check.rc == 0
- import_role: - ansible.builtin.import_role:
name: openstack.kolla.packages name: openstack.kolla.packages
- import_role: - ansible.builtin.import_role:
name: openstack.kolla.{{ container_engine }} name: openstack.kolla.{{ container_engine }}
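Review bot: `community.general.ufw` in this section, and `ansible.posix.selinux`, `community.general.git_config` and `ansible.posix.sysctl` in later sections, name collections outside `ansible.builtin`, so these privileged tasks only resolve if those collections are installed on the controller. It is worth declaring `community.general` and `ansible.posix` with a version range under `dependencies:` in the collection's `galaxy.yml` (or in the requirements file), so that the module code run with `become: true` comes from a known release. No such declaration is visible in the sections shown here; the commit touches 31 files, so it may exist elsewhere.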


@@ -1,15 +1,15 @@
--- ---
- import_role: - ansible.builtin.import_role:
name: openstack.kolla.etc_hosts name: openstack.kolla.etc_hosts
- import_tasks: pre-install.yml - ansible.builtin.import_tasks: pre-install.yml
- import_tasks: install.yml - ansible.builtin.import_tasks: install.yml
- import_tasks: post-install.yml - ansible.builtin.import_tasks: post-install.yml
- name: Configure ceph for zun - name: Configure ceph for zun
include_tasks: configure-ceph-for-zun.yml ansible.builtin.include_tasks: configure-ceph-for-zun.yml
when: when:
- zun_configure_for_cinder_ceph | bool - zun_configure_for_cinder_ceph | bool
- "'zun-compute' in group_names" - "'zun-compute' in group_names"


@@ -1,49 +1,49 @@
--- ---
- import_role: - ansible.builtin.import_role:
name: openstack.kolla.kolla_user name: openstack.kolla.kolla_user
when: create_kolla_user | bool when: create_kolla_user | bool
- import_role: - ansible.builtin.import_role:
name: openstack.kolla.{{ container_engine }}_sdk name: openstack.kolla.{{ container_engine }}_sdk
- name: Ensure node_config_directory directory exists - name: Ensure node_config_directory directory exists
file: become: true
ansible.builtin.file:
path: "{{ node_config_directory }}" path: "{{ node_config_directory }}"
state: directory state: directory
owner: "{{ kolla_user if create_kolla_user | bool else omit }}" owner: "{{ kolla_user if create_kolla_user | bool else omit }}"
group: "{{ kolla_group if create_kolla_user | bool else omit }}" group: "{{ kolla_group if create_kolla_user | bool else omit }}"
mode: "0755" mode: "0755"
become: true
- import_role: - ansible.builtin.import_role:
name: openstack.kolla.apparmor_libvirt name: openstack.kolla.apparmor_libvirt
- name: Change state of selinux - name: Change state of selinux
selinux:
policy: targeted
state: "{{ selinux_state }}"
become: true become: true
when: when:
- change_selinux | bool - change_selinux | bool
- ansible_facts.os_family == "RedHat" - ansible_facts.os_family == "RedHat"
ansible.posix.selinux:
policy: targeted
state: "{{ selinux_state }}"
- name: Set https proxy for git - name: Set https proxy for git
git_config: when: git_https_proxy | length > 0
community.general.git_config:
name: https.proxy name: https.proxy
scope: global scope: global
value: "{{ git_https_proxy }}" value: "{{ git_https_proxy }}"
when: git_https_proxy | length > 0
- name: Set http proxy for git - name: Set http proxy for git
git_config: when: git_http_proxy | length > 0
community.general.git_config:
name: http.proxy name: http.proxy
scope: global scope: global
value: "{{ git_http_proxy }}" value: "{{ git_http_proxy }}"
when: git_http_proxy | length > 0
- name: Copying over kolla.target - name: Copying over kolla.target
become: true become: true
template: ansible.builtin.template:
src: kolla.target.j2 src: kolla.target.j2
dest: /etc/systemd/system/kolla.target dest: /etc/systemd/system/kolla.target
mode: "0644" mode: "0644"


@@ -1,7 +1,7 @@
--- ---
- name: Ensure unprivileged users can use ping - name: Ensure unprivileged users can use ping
become: true become: true
sysctl: ansible.posix.sysctl:
name: net.ipv4.ping_group_range name: net.ipv4.ping_group_range
value: '0 2147483647' value: '0 2147483647'
state: present state: present


@@ -1,21 +1,21 @@
--- ---
- name: Reload docker service file - name: Reload docker service file
become: true become: true
systemd: ansible.builtin.systemd:
name: docker name: docker
daemon_reload: true daemon_reload: true
notify: notify:
- Restart docker - Restart docker
- name: Restart docker - name: Restart docker
systemd: become: true
ansible.builtin.systemd:
name: docker name: docker
state: "{{ 'reloaded' if docker_systemd_reload | bool else 'restarted' }}" state: "{{ 'reloaded' if docker_systemd_reload | bool else 'restarted' }}"
masked: false masked: false
become: true
- name: Restart containerd - name: Restart containerd
service: become: true
ansible.builtin.service:
name: containerd name: containerd
state: restarted state: restarted
become: true


@@ -1,10 +1,10 @@
--- ---
- name: Ensure docker config directory exists - name: Ensure docker config directory exists
file: become: true
ansible.builtin.file:
path: /etc/docker path: /etc/docker
state: directory state: directory
mode: "0755" mode: "0755"
become: true
- name: Write docker config - name: Write docker config
become: true become: true
@@ -45,14 +45,15 @@
| combine(docker_config_ulimit_nofile if docker_ulimit_nofile | bool else {}) | combine(docker_config_ulimit_nofile if docker_ulimit_nofile | bool else {})
| combine(docker_config_debug if docker_debug | bool else {}) | combine(docker_config_debug if docker_debug | bool else {})
| combine(docker_custom_config) }} | combine(docker_custom_config) }}
copy: ansible.builtin.copy:
content: "{{ docker_config | to_nice_json }}" content: "{{ docker_config | to_nice_json }}"
dest: /etc/docker/daemon.json dest: /etc/docker/daemon.json
mode: "0644" mode: "0644"
notify: notify:
- Restart docker - Restart docker
- meta: flush_handlers - name: Flush handlers
ansible.builtin.meta: flush_handlers
- name: Get Docker API version - name: Get Docker API version
become: true become: true
@@ -74,91 +75,91 @@
}} }}
- name: Copying over containerd config - name: Copying over containerd config
become: true
when: when:
- docker_storage_containerd | bool - docker_storage_containerd | bool
- not containerd_configure_for_zun | bool - not containerd_configure_for_zun | bool
template: ansible.builtin.template:
src: "containerd_config.toml.j2" src: "containerd_config.toml.j2"
dest: "/etc/containerd/config.toml" dest: "/etc/containerd/config.toml"
mode: "0660" mode: "0660"
become: true
notify: notify:
- Restart containerd - Restart containerd
- name: Remove old docker options file - name: Remove old docker options file
become: true become: true
file:
path: /etc/systemd/system/docker.service.d/kolla.conf
state: absent
when: when:
- not docker_configure_for_zun | bool or 'zun-compute' not in group_names - not docker_configure_for_zun | bool or 'zun-compute' not in group_names
- not docker_http_proxy - not docker_http_proxy
- not docker_https_proxy - not docker_https_proxy
- not docker_no_proxy - not docker_no_proxy
ansible.builtin.file:
path: /etc/systemd/system/docker.service.d/kolla.conf
state: absent
notify: notify:
- Reload docker service file - Reload docker service file
- name: Ensure docker service directory exists - name: Ensure docker service directory exists
become: true become: true
file: when: >
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
docker_http_proxy | length > 0 or
docker_https_proxy | length > 0 or
docker_no_proxy | length > 0
ansible.builtin.file:
path: /etc/systemd/system/docker.service.d path: /etc/systemd/system/docker.service.d
state: directory state: directory
recurse: true recurse: true
when: >
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
docker_http_proxy | length > 0 or
docker_https_proxy | length > 0 or
docker_no_proxy | length > 0
- name: Configure docker service - name: Configure docker service
become: true become: true
template:
src: docker_systemd_service.j2
dest: /etc/systemd/system/docker.service.d/kolla.conf
mode: "0644"
when: > when: >
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or (docker_configure_for_zun | bool and 'zun-compute' in group_names) or
docker_http_proxy | length > 0 or docker_http_proxy | length > 0 or
docker_https_proxy | length > 0 or docker_https_proxy | length > 0 or
docker_no_proxy | length > 0 docker_no_proxy | length > 0
ansible.builtin.template:
src: docker_systemd_service.j2
dest: /etc/systemd/system/docker.service.d/kolla.conf
mode: "0644"
notify: notify:
- Reload docker service file - Reload docker service file
- name: Ensure the path for CA file for private registry exists - name: Ensure the path for CA file for private registry exists
file: become: true
when: >
docker_registry is not none and
docker_registry_ca is not none and
not docker_registry_insecure | bool
ansible.builtin.file:
path: "/etc/docker/certs.d/{{ docker_registry }}" path: "/etc/docker/certs.d/{{ docker_registry }}"
owner: root owner: root
group: root group: root
mode: "0700" mode: "0700"
state: directory state: directory
- name: Ensure the CA file for private registry exists
become: true become: true
when: > when: >
docker_registry is not none and docker_registry is not none and
docker_registry_ca is not none and docker_registry_ca is not none and
not docker_registry_insecure | bool not docker_registry_insecure | bool
ansible.builtin.copy:
- name: Ensure the CA file for private registry exists
copy:
src: "{{ docker_registry_ca }}" src: "{{ docker_registry_ca }}"
dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt" dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
owner: root owner: root
group: root group: root
mode: "0600" mode: "0600"
become: true
when: >
docker_registry is not none and
docker_registry_ca is not none and
not docker_registry_insecure | bool
notify: notify:
- Restart docker - Restart docker
- name: Flush handlers - name: Flush handlers
meta: flush_handlers ansible.builtin.meta: flush_handlers
- name: Start and enable docker - name: Start and enable docker
systemd: become: true
ansible.builtin.systemd:
name: docker name: docker
state: started state: started
enabled: true enabled: true
masked: false masked: false
become: true


@@ -1,45 +1,45 @@
--- ---
- name: Ensuring CNI config directory exist - name: Ensuring CNI config directory exist
file: become: true
ansible.builtin.file:
path: "{{ cni_config_dir }}" path: "{{ cni_config_dir }}"
state: "directory" state: "directory"
mode: "0770" mode: "0770"
owner: "{{ config_owner_user }}" owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}" group: "{{ config_owner_group }}"
become: true
- name: Copying CNI config file - name: Copying CNI config file
template: become: true
ansible.builtin.template:
src: "10-zun-cni.conf.j2" src: "10-zun-cni.conf.j2"
dest: "{{ cni_config_dir }}/10-zun-cni.conf" dest: "{{ cni_config_dir }}/10-zun-cni.conf"
mode: "0660" mode: "0660"
owner: "{{ config_owner_user }}" owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}" group: "{{ config_owner_group }}"
become: true
notify: notify:
- Restart containerd - Restart containerd
- name: Ensuring CNI bin directory exist - name: Ensuring CNI bin directory exist
file: become: true
ansible.builtin.file:
path: "{{ cni_bin_dir }}" path: "{{ cni_bin_dir }}"
state: "directory" state: "directory"
mode: "0770" mode: "0770"
owner: "{{ config_owner_user }}" owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}" group: "{{ config_owner_group }}"
become: true
- name: Copy zun-cni script - name: Copy zun-cni script
template: become: true
ansible.builtin.template:
src: "zun-cni.j2" src: "zun-cni.j2"
dest: "{{ cni_bin_dir }}/zun-cni" dest: "{{ cni_bin_dir }}/zun-cni"
mode: "0775" mode: "0775"
become: true
- name: Copying over containerd config - name: Copying over containerd config
template: become: true
ansible.builtin.template:
src: "containerd_config.toml.j2" src: "containerd_config.toml.j2"
dest: "/etc/containerd/config.toml" dest: "/etc/containerd/config.toml"
mode: "0660" mode: "0660"
become: true
notify: notify:
- Restart containerd - Restart containerd
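Review bot: The "Copy zun-cni script" task installs an executable into `{{ cni_bin_dir }}` with `mode: "0775"` and, unlike the sibling tasks in this file, without `owner` or `group`, so the plugin ends up group-writable under whatever ownership the defaults give it. CNI plugins are executed by the container runtime, presumably as root, so write access to that file is a privilege boundary; `mode: "0755"` with explicit `owner: root` and `group: root` would be tighter if nothing needs to rewrite the script. The containing directory is created `0770` for `config_owner_user`/`config_owner_group`, so membership of that group matters as well.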


@@ -1,13 +1,14 @@
--- ---
- include_tasks: "repo-{{ ansible_facts.os_family }}.yml" - ansible.builtin.include_tasks: "repo-{{ ansible_facts.os_family }}.yml"
when: enable_docker_repo | bool when: enable_docker_repo | bool
# Upgrading docker engine may cause containers to stop. Take a snapshot of the # Upgrading docker engine may cause containers to stop. Take a snapshot of the
# running containers prior to a potential upgrade of Docker. # running containers prior to a potential upgrade of Docker.
- name: Check which containers are running - name: Check which containers are running
command: docker ps -f 'status=running' -q
become: true become: true
ansible.builtin.command:
cmd: docker ps -f 'status=running' -q
# If Docker is not installed this command may exit non-zero. # If Docker is not installed this command may exit non-zero.
failed_when: false failed_when: false
changed_when: false changed_when: false
@@ -18,12 +19,12 @@
- when: ansible_facts.os_family == 'Debian' - when: ansible_facts.os_family == 'Debian'
block: block:
- name: Check if docker systemd unit exists - name: Check if docker systemd unit exists
stat: ansible.builtin.stat:
path: /etc/systemd/system/docker.service path: /etc/systemd/system/docker.service
register: docker_unit_file register: docker_unit_file
- name: Mask the docker systemd unit on Debian/Ubuntu - name: Mask the docker systemd unit on Debian/Ubuntu
file: ansible.builtin.file:
src: /dev/null src: /dev/null
dest: /etc/systemd/system/docker.service dest: /etc/systemd/system/docker.service
owner: root owner: root
@@ -33,18 +34,19 @@
when: not docker_unit_file.stat.exists when: not docker_unit_file.stat.exists
- name: Install packages - name: Install packages
package: become: true
ansible.builtin.package:
name: "{{ docker_packages | select | list }}" name: "{{ docker_packages | select | list }}"
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
update_cache: true update_cache: true
state: present state: present
become: true
register: docker_install_result register: docker_install_result
# If any packages were updated, and any containers were running, wait for the # If any packages were updated, and any containers were running, wait for the
# daemon to come up and start all previously running containers. # daemon to come up and start all previously running containers.
- when: - become: true
when:
- docker_install_result is changed - docker_install_result is changed
- running_containers.rc == 0 - running_containers.rc == 0
- running_containers.stdout != '' - running_containers.stdout != ''
@@ -52,16 +54,15 @@
# At some point (at least on CentOS 7) Docker CE stopped starting # At some point (at least on CentOS 7) Docker CE stopped starting
# automatically after an upgrade from legacy docker . Start it manually. # automatically after an upgrade from legacy docker . Start it manually.
- name: Start docker - name: Start docker
systemd: ansible.builtin.systemd:
name: docker name: docker
state: started state: started
enabled: true enabled: true
masked: false masked: false
become: true
- name: Wait for Docker to start - name: Wait for Docker to start
command: docker info ansible.builtin.command:
become: true cmd: docker info
changed_when: false changed_when: false
register: result register: result
until: result is success until: result is success
@@ -70,13 +71,13 @@
- name: Ensure containers are running after Docker upgrade - name: Ensure containers are running after Docker upgrade
# noqa no-changed-when # noqa no-changed-when
command: "docker start {{ running_containers.stdout }}" ansible.builtin.command:
become: true cmd: "docker start {{ running_containers.stdout }}"
changed_when: true changed_when: true
- import_tasks: config.yml - ansible.builtin.import_tasks: config.yml
- include_tasks: configure-containerd-for-zun.yml - ansible.builtin.include_tasks: configure-containerd-for-zun.yml
when: when:
- containerd_configure_for_zun|bool - containerd_configure_for_zun|bool
- "'zun-cni-daemon' in group_names" - "'zun-cni-daemon' in group_names"
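Review bot: In "Ensure containers are running after Docker upgrade", `cmd: "docker start {{ running_containers.stdout }}"` builds the command line by templating registered output into one string and relies on whitespace splitting to separate the container IDs. Since the task is being converted to the mapping form anyway, an argument list is more robust: `argv: "{{ ['docker', 'start'] + running_containers.stdout_lines }}"`. Note also that `become: true` moved from the individual tasks to the enclosing block in this section, so any task later added to that block will run privileged by default; a one-line comment on the block saying so would make that explicit.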


@@ -1,2 +1,2 @@
--- ---
- include_tasks: "{{ package_action }}.yml" - ansible.builtin.include_tasks: "{{ package_action }}.yml"


@@ -1,58 +1,58 @@
--- ---
- name: Install CA certificates and gnupg packages - name: Install CA certificates and gnupg packages
apt: become: true
ansible.builtin.apt:
name: name:
- ca-certificates - ca-certificates
- gnupg - gnupg
cache_valid_time: "{{ apt_cache_valid_time }}" cache_valid_time: "{{ apt_cache_valid_time }}"
update_cache: true update_cache: true
state: present state: present
become: true
- name: Ensure apt sources list directory exists - name: Ensure apt sources list directory exists
file: become: true
ansible.builtin.file:
path: /etc/apt/sources.list.d path: /etc/apt/sources.list.d
state: directory state: directory
recurse: true recurse: true
become: true
- name: Ensure apt keyrings directory exists - name: Ensure apt keyrings directory exists
file: ansible.builtin.file:
path: /etc/apt/keyrings path: /etc/apt/keyrings
state: directory state: directory
recurse: true recurse: true
become: true
- name: Install docker apt gpg key - name: Install docker apt gpg key
get_url: become: true
ansible.builtin.get_url:
url: "{{ docker_apt_url }}/{{ docker_apt_key_file }}" url: "{{ docker_apt_url }}/{{ docker_apt_key_file }}"
dest: "/etc/apt/keyrings/docker.asc" dest: "/etc/apt/keyrings/docker.asc"
mode: "0644" mode: "0644"
force: true force: true
become: true
environment: "{{ docker_apt_key_env }}" environment: "{{ docker_apt_key_env }}"
- name: Install docker apt pin - name: Install docker apt pin
copy: become: true
ansible.builtin.copy:
dest: "/etc/apt/preferences.d/docker" dest: "/etc/apt/preferences.d/docker"
content: | content: |
Package: {{ docker_apt_package }} Package: {{ docker_apt_package }}
Pin: version {{ docker_apt_package_pin }} Pin: version {{ docker_apt_package_pin }}
Pin-Priority: 1000 Pin-Priority: 1000
mode: "0644" mode: "0644"
become: true
when: docker_apt_package_pin | length > 0 when: docker_apt_package_pin | length > 0
- name: Ensure old docker repository absent - name: Ensure old docker repository absent
file: become: true
ansible.builtin.file:
path: /etc/apt/sources.list.d/docker.list path: /etc/apt/sources.list.d/docker.list
state: absent state: absent
become: true
# TODO(mmalchuk): replace with ansible.builtin.deb822_repository module # TODO(mmalchuk): replace with ansible.builtin.deb822_repository module
# when all stable releases moves to the ansible-core >= 2.15 # when all stable releases moves to the ansible-core >= 2.15
- name: Enable docker apt repository - name: Enable docker apt repository
copy: become: true
ansible.builtin.copy:
dest: /etc/apt/sources.list.d/docker.sources dest: /etc/apt/sources.list.d/docker.sources
content: | content: |
# Ansible managed # Ansible managed
@@ -63,9 +63,8 @@
Components: stable Components: stable
Signed-by: /etc/apt/keyrings/docker.asc Signed-by: /etc/apt/keyrings/docker.asc
mode: "0644" mode: "0644"
become: true
- name: Update the apt cache - name: Update the apt cache
apt:
update_cache: true
become: true become: true
ansible.builtin.apt:
update_cache: true
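Review bot: "Ensure apt keyrings directory exists" appears to lose `become: true` in this section: the task's trailing `become: true` is removed, but unlike every other task in the file no `become: true` is added above `ansible.builtin.file:`. The hunk's equal line counts (`-1,58 +1,58`) are consistent with that reading. Unless `become` is set at play or include level, creating `/etc/apt/keyrings` will fail on hosts where the directory does not already exist; add `become: true` directly under the task name, as on the neighbouring tasks.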


@@ -1,13 +1,14 @@
--- ---
- name: Ensure yum repos directory exists - name: Ensure yum repos directory exists
file: become: true
ansible.builtin.file:
path: /etc/yum.repos.d/ path: /etc/yum.repos.d/
state: directory state: directory
recurse: true recurse: true
become: true
- name: Enable docker yum repository - name: Enable docker yum repository
yum_repository: become: true
ansible.builtin.yum_repository:
name: docker name: docker
description: Docker main Repository description: Docker main Repository
baseurl: "{{ docker_yum_baseurl }}" baseurl: "{{ docker_yum_baseurl }}"
@@ -17,11 +18,10 @@
# modular package in CentOS 8 see: # modular package in CentOS 8 see:
# https://bugzilla.redhat.com/show_bug.cgi?id=1734081 # https://bugzilla.redhat.com/show_bug.cgi?id=1734081
module_hotfixes: true module_hotfixes: true
become: true
- name: Install docker rpm gpg key - name: Install docker rpm gpg key
rpm_key: become: true
ansible.builtin.rpm_key:
state: present state: present
key: "{{ docker_yum_gpgkey }}" key: "{{ docker_yum_gpgkey }}"
become: true
when: docker_yum_gpgcheck | bool when: docker_yum_gpgcheck | bool


@@ -1,27 +1,29 @@
--- ---
- name: Check for leftover containers - name: Check for leftover containers
command: docker ps -q
become: true become: true
ansible.builtin.command:
cmd: docker ps -q
changed_when: false changed_when: false
failed_when: false failed_when: false
register: containers register: containers
- name: Check for leftover volumes - name: Check for leftover volumes
command: docker volume ls -q
become: true become: true
ansible.builtin.command:
cmd: docker volume ls -q
changed_when: false changed_when: false
failed_when: false failed_when: false
register: volumes register: volumes
- name: Fail if there are any containers - name: Fail if there are any containers
assert: ansible.builtin.assert:
that: (containers.stdout_lines | length) == 0 that: (containers.stdout_lines | length) == 0
fail_msg: |- fail_msg: |-
There are still some containers left over! There are still some containers left over!
Remove them before uninstalling container engine! Remove them before uninstalling container engine!
- name: Fail if there are any volumes - name: Fail if there are any volumes
assert: ansible.builtin.assert:
that: (volumes.stdout_lines | length) == 0 that: (volumes.stdout_lines | length) == 0
fail_msg: |- fail_msg: |-
There are still some volumes left over! There are still some volumes left over!
@@ -29,13 +31,13 @@
- name: Stop docker service - name: Stop docker service
become: true become: true
systemd: ansible.builtin.systemd:
name: docker name: docker
state: stopped state: stopped
enabled: false enabled: false
- name: Uninstall docker packages - name: Uninstall docker packages
package: ansible.builtin.package:
name: "{{ docker_packages | select | list }}" name: "{{ docker_packages | select | list }}"
autoremove: true autoremove: true
state: absent state: absent
@@ -43,13 +45,13 @@
- name: Remove docker group - name: Remove docker group
become: true become: true
group: ansible.builtin.group:
name: docker name: docker
state: absent state: absent
- name: Cleanup CNI config directory - name: Cleanup CNI config directory
become: true become: true
file: ansible.builtin.file:
path: "{{ cni_config_dir }}" path: "{{ cni_config_dir }}"
state: absent state: absent
@@ -58,11 +60,11 @@
# qemu-kvm processes running that prevent the removal # qemu-kvm processes running that prevent the removal
- name: Cleanup docker files - name: Cleanup docker files
become: true become: true
file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent
loop: "{{ docker_paths }}" loop: "{{ docker_paths }}"
rescue: rescue:
- name: Unable to remove all files - name: Unable to remove all files
debug: ansible.builtin.debug:
var: ansible_failed_result var: ansible_failed_result
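Review bot: The leftover-container and leftover-volume guards at the top of this file are fail-open: `docker ps -q` and `docker volume ls -q` both run with `failed_when: false`, and the asserts only test that `stdout_lines` is empty. If the Docker daemon is stopped or unreachable, the commands presumably exit non-zero with empty stdout, both asserts pass, and the play continues to the tasks that delete `docker_paths`. Consider also checking the return code, or at least documenting the choice with a comment such as `# a non-zero rc means the check did not run, not that nothing is left`, so data is not removed on the strength of a check that never executed.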


@@ -1,47 +1,44 @@
--- ---
- name: Configure osbpo apt repository - name: Configure osbpo apt repository
become: true
when: when:
- ansible_facts.distribution == 'Debian' - ansible_facts.distribution == 'Debian'
- docker_sdk_python_externally_managed | default(false) - docker_sdk_python_externally_managed | default(false)
- virtualenv is none - virtualenv is none
block: block:
- name: Ensure apt sources list directory exists - name: Ensure apt sources list directory exists
file: ansible.builtin.file:
path: /etc/apt/sources.list.d path: /etc/apt/sources.list.d
state: directory state: directory
recurse: true recurse: true
become: true
- name: Ensure apt keyrings directory exists - name: Ensure apt keyrings directory exists
file: ansible.builtin.file:
path: /etc/apt/keyrings path: /etc/apt/keyrings
state: directory state: directory
recurse: true recurse: true
become: true
- name: Install osbpo apt gpg key - name: Install osbpo apt gpg key
template: ansible.builtin.template:
src: osbpo_pubkey.gpg.j2 src: osbpo_pubkey.gpg.j2
dest: /etc/apt/keyrings/osbpo.asc dest: /etc/apt/keyrings/osbpo.asc
mode: "0644" mode: "0644"
become: true
- name: Enable osbpo apt repository - name: Enable osbpo apt repository
apt_repository: ansible.builtin.apt_repository:
repo: "{{ docker_sdk_osbpo_apt_repo }}" repo: "{{ docker_sdk_osbpo_apt_repo }}"
filename: osbpo filename: osbpo
become: true
- name: Install packages - name: Install packages
package: become: true
ansible.builtin.package:
name: "{{ docker_sdk_packages | select | list }}" name: "{{ docker_sdk_packages | select | list }}"
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
state: present state: present
become: true
- name: Check if virtualenv is a directory - name: Check if virtualenv is a directory
stat: ansible.builtin.stat:
path: "{{ virtualenv }}" path: "{{ virtualenv }}"
register: virtualenv_stat register: virtualenv_stat
when: virtualenv is not none and virtualenv | length > 0 when: virtualenv is not none and virtualenv | length > 0
@@ -49,9 +46,10 @@
# NOTE(kevko) Packaging needs to be installed before ansible's pip module is used # NOTE(kevko) Packaging needs to be installed before ansible's pip module is used
# This is in case user created venv manually # This is in case user created venv manually
- name: Check if packaging is already installed - name: Check if packaging is already installed
command: "{{ virtualenv }}/bin/pip show packaging"
become: true become: true
become_user: "{{ docker_sdk_virtualenv_owner }}" become_user: "{{ docker_sdk_virtualenv_owner }}"
ansible.builtin.command:
cmd: "{{ virtualenv }}/bin/pip show packaging"
register: packaging_installed register: packaging_installed
failed_when: false failed_when: false
changed_when: false changed_when: false
@@ -63,9 +61,10 @@
- virtualenv_stat.stat.isdir - virtualenv_stat.stat.isdir
- name: Install packaging into virtualenv - name: Install packaging into virtualenv
command: "{{ virtualenv }}/bin/python -m pip install packaging"
become: true become: true
become_user: "{{ docker_sdk_virtualenv_owner }}" become_user: "{{ docker_sdk_virtualenv_owner }}"
ansible.builtin.command:
cmd: "{{ virtualenv }}/bin/python -m pip install packaging"
check_mode: false check_mode: false
changed_when: packaging_installed.rc != 0 changed_when: packaging_installed.rc != 0
when: when:
@@ -76,7 +75,9 @@
- packaging_installed.rc != 0 - packaging_installed.rc != 0
- name: Install latest pip and packaging in the virtualenv - name: Install latest pip and packaging in the virtualenv
pip: become: true
become_user: "{{ docker_sdk_virtualenv_owner }}"
ansible.builtin.pip:
# NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2 # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2
name: name:
- "pip>19.3" - "pip>19.3"
@@ -84,18 +85,16 @@
virtualenv: "{{ virtualenv }}" virtualenv: "{{ virtualenv }}"
virtualenv_site_packages: "{{ virtualenv_site_packages }}" virtualenv_site_packages: "{{ virtualenv_site_packages }}"
virtualenv_command: "{{ ansible_facts.python.executable }} -m venv" virtualenv_command: "{{ ansible_facts.python.executable }} -m venv"
become: true
become_user: "{{ docker_sdk_virtualenv_owner }}"
when: virtualenv is not none when: virtualenv is not none
- name: Install docker SDK for python using pip - name: Install docker SDK for python using pip
pip: become: true
become_user: "{{ virtualenv is none | ternary(omit, docker_sdk_virtualenv_owner) }}"
ansible.builtin.pip:
name: "{{ docker_sdk_core_pip_packages + docker_sdk_additional_pip_packages }}" name: "{{ docker_sdk_core_pip_packages + docker_sdk_additional_pip_packages }}"
executable: "{{ (virtualenv is none) | ternary(ansible_facts.python.executable | regex_replace('python(\\d+(\\.\\d+)?)$', 'pip\\1'), omit) }}" executable: "{{ (virtualenv is none) | ternary(ansible_facts.python.executable | regex_replace('python(\\d+(\\.\\d+)?)$', 'pip\\1'), omit) }}"
extra_args: "{% if docker_sdk_upper_constraints_file %}-c {{ docker_sdk_upper_constraints_file }}{% endif %}" extra_args: "{% if docker_sdk_upper_constraints_file %}-c {{ docker_sdk_upper_constraints_file }}{% endif %}"
virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}" virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"
virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}" virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}"
virtualenv_command: "{{ virtualenv is none | ternary(omit, ansible_facts.python.executable ~ ' -m venv') }}" virtualenv_command: "{{ virtualenv is none | ternary(omit, ansible_facts.python.executable ~ ' -m venv') }}"
become: true
become_user: "{{ virtualenv is none | ternary(omit, docker_sdk_virtualenv_owner) }}"
when: not (docker_sdk_python_externally_managed | default(false) and virtualenv is none) when: not (docker_sdk_python_externally_managed | default(false) and virtualenv is none)


@@ -14,8 +14,8 @@
register: python_externally_managed register: python_externally_managed
- name: Set docker_sdk_python_externally_managed fact - name: Set docker_sdk_python_externally_managed fact
set_fact: ansible.builtin.set_fact:
docker_sdk_python_externally_managed: true docker_sdk_python_externally_managed: true
when: python_externally_managed.stat.exists when: python_externally_managed.stat.exists
- include_tasks: "{{ package_action }}.yml" - ansible.builtin.include_tasks: "{{ package_action }}.yml"


@@ -1,6 +1,6 @@
--- ---
- name: Uninstall docker SDK for python using pip - name: Uninstall docker SDK for python using pip
pip: ansible.builtin.pip:
name: "{{ docker_sdk_core_pip_packages }}" name: "{{ docker_sdk_core_pip_packages }}"
executable: "{{ (virtualenv is none) | ternary(ansible_facts.python.executable | regex_replace('python(\\d+(\\.\\d+)?)$', 'pip\\1'), omit) }}" executable: "{{ (virtualenv is none) | ternary(ansible_facts.python.executable | regex_replace('python(\\d+(\\.\\d+)?)$', 'pip\\1'), omit) }}"
virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}" virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"


@@ -1,13 +1,13 @@
--- ---
- name: Ensure localhost in /etc/hosts - name: Ensure localhost in /etc/hosts
lineinfile: become: true
ansible.builtin.lineinfile:
dest: /etc/hosts dest: /etc/hosts
regexp: "^127.0.0.1.*" regexp: "^127.0.0.1.*"
line: "127.0.0.1 localhost" line: "127.0.0.1 localhost"
create: true create: true
mode: "0644" mode: "0644"
state: present state: present
become: true
# NOTE(mgoddard): Ubuntu may include a line in /etc/hosts that makes the local # NOTE(mgoddard): Ubuntu may include a line in /etc/hosts that makes the local
# hostname and fqdn point to 127.0.1.1. This can break # hostname and fqdn point to 127.0.1.1. This can break
@@ -16,14 +16,15 @@
# see https://bugs.launchpad.net/kolla-ansible/+bug/1837699 # see https://bugs.launchpad.net/kolla-ansible/+bug/1837699
# and https://bugs.launchpad.net/kolla-ansible/+bug/1862739 # and https://bugs.launchpad.net/kolla-ansible/+bug/1862739
- name: Ensure hostname does not point to 127.0.1.1 in /etc/hosts - name: Ensure hostname does not point to 127.0.1.1 in /etc/hosts
lineinfile: become: true
ansible.builtin.lineinfile:
dest: /etc/hosts dest: /etc/hosts
regexp: "^127.0.1.1\\b.*\\s{{ ansible_facts.hostname }}\\b" regexp: "^127.0.1.1\\b.*\\s{{ ansible_facts.hostname }}\\b"
state: absent state: absent
become: true
- name: Generate /etc/hosts for all of the nodes - name: Generate /etc/hosts for all of the nodes
blockinfile: become: true
ansible.builtin.blockinfile:
dest: /etc/hosts dest: /etc/hosts
marker: "# {mark} ANSIBLE GENERATED HOSTS" marker: "# {mark} ANSIBLE GENERATED HOSTS"
block: | block: |
@@ -43,7 +44,6 @@
{{ 'api' | kolla_address(host, override_var="etc_hosts_api_address") }} {{ hostnames | unique | join(' ') }} {{ 'api' | kolla_address(host, override_var="etc_hosts_api_address") }} {{ hostnames | unique | join(' ') }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
become: true
when: when:
# Skip hosts in the bifrost group that do not have a valid api_interface. # Skip hosts in the bifrost group that do not have a valid api_interface.
- inventory_hostname not in groups['bifrost'] or - inventory_hostname not in groups['bifrost'] or
@@ -57,12 +57,12 @@
become: true become: true
block: block:
- name: Check whether /etc/cloud/cloud.cfg exists - name: Check whether /etc/cloud/cloud.cfg exists
stat: ansible.builtin.stat:
path: /etc/cloud/cloud.cfg path: /etc/cloud/cloud.cfg
register: cloud_init register: cloud_init
- name: Disable cloud-init manage_etc_hosts - name: Disable cloud-init manage_etc_hosts
copy: ansible.builtin.copy:
content: "manage_etc_hosts: false" content: "manage_etc_hosts: false"
dest: /etc/cloud/cloud.cfg.d/99-kolla.cfg dest: /etc/cloud/cloud.cfg.d/99-kolla.cfg
mode: "0660" mode: "0660"


@@ -1,4 +1,4 @@
--- ---
- name: Include etc-hosts.yml - name: Include etc-hosts.yml
include_tasks: etc-hosts.yml ansible.builtin.include_tasks: etc-hosts.yml
when: customize_etc_hosts | bool when: customize_etc_hosts | bool


@@ -1,16 +1,17 @@
--- ---
- name: Ensure groups are present - name: Ensure groups are present
group: become: true
ansible.builtin.group:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
become: true
loop: loop:
- docker - docker
- sudo - sudo
- "{{ kolla_group }}" - "{{ kolla_group }}"
- name: Create kolla user - name: Create kolla user
user: become: true
ansible.builtin.user:
name: "{{ kolla_user }}" name: "{{ kolla_user }}"
state: present state: present
group: "{{ kolla_group }}" group: "{{ kolla_group }}"
@@ -18,21 +19,20 @@
- docker - docker
- sudo - sudo
append: true append: true
become: true
- name: Add public key to kolla user authorized keys - name: Add public key to kolla user authorized keys
authorized_key: become: true
ansible.posix.authorized_key:
user: "{{ kolla_user }}" user: "{{ kolla_user }}"
key: "{{ kolla_ssh_key.public_key }}" key: "{{ kolla_ssh_key.public_key }}"
become: true
- name: Grant kolla user passwordless sudo - name: Grant kolla user passwordless sudo
lineinfile: become: true
ansible.builtin.lineinfile:
dest: /etc/sudoers.d/kolla-ansible-users dest: /etc/sudoers.d/kolla-ansible-users
state: present state: present
create: true create: true
mode: '0640' mode: '0640'
regexp: '^{{ kolla_user }}' regexp: '^{{ kolla_user }}'
line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL' line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL'
become: true
when: create_kolla_user_sudoers | bool when: create_kolla_user_sudoers | bool
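Review bot: The `Grant kolla user passwordless sudo` task writes /etc/sudoers.d/kolla-ansible-users through `ansible.builtin.lineinfile` without a `validate` step, so a malformed line (for example from an unexpected `kolla_user` value) is installed unchecked and can leave sudo unusable on the host. Adding `validate: 'visudo -cf %s'` to the module arguments has the candidate file syntax-checked before it replaces the target. The same task uses `mode: '0640'` where sudoers drop-ins are conventionally `'0440'`. Its `regexp: '^{{ kolla_user }}'` has no terminator, so it also matches a line for any longer user name that begins with the same characters; `regexp: '^{{ kolla_user | regex_escape }}\s'` would restrict it to the intended entry.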


@@ -1,22 +1,22 @@
--- ---
- name: Install packages - name: Install packages
become: true
vars: vars:
pkg_installs: >- pkg_installs: >-
{{ ubuntu_pkg_install if ansible_facts.os_family == 'Debian' {{ ubuntu_pkg_install if ansible_facts.os_family == 'Debian'
else redhat_pkg_install }} else redhat_pkg_install }}
package: ansible.builtin.package:
name: "{{ pkg_installs | select | list }}" name: "{{ pkg_installs | select | list }}"
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
state: present state: present
become: true
- name: Remove packages - name: Remove packages
become: true
vars: vars:
pkg_removals: >- pkg_removals: >-
{{ ubuntu_pkg_removals if ansible_facts.os_family == 'Debian' {{ ubuntu_pkg_removals if ansible_facts.os_family == 'Debian'
else redhat_pkg_removals }} else redhat_pkg_removals }}
package: ansible.builtin.package:
name: "{{ pkg_removals | select | list }}" name: "{{ pkg_removals | select | list }}"
state: absent state: absent
become: true


@@ -1,5 +1,6 @@
--- ---
- name: Restart systemd-tmpfiles - name: Restart systemd-tmpfiles
become: true become: true
command: systemd-tmpfiles --create ansible.builtin.command:
cmd: systemd-tmpfiles --create
changed_when: true changed_when: true


@@ -1,6 +1,6 @@
--- ---
- name: Ensure podman config directory exists - name: Ensure podman config directory exists
file: ansible.builtin.file:
path: /etc/containers/{{ item }} path: /etc/containers/{{ item }}
state: directory state: directory
mode: "0755" mode: "0755"
@@ -17,7 +17,7 @@
[[registry]] [[registry]]
location = "{{ podman_registry }}" location = "{{ podman_registry }}"
insecure = {{ podman_registry_insecure | bool | lower }} insecure = {{ podman_registry_insecure | bool | lower }}
copy: ansible.builtin.copy:
content: "{{ registry }}" content: "{{ registry }}"
dest: /etc/containers/registries.conf.d/registries.conf dest: /etc/containers/registries.conf.d/registries.conf
mode: "0644" mode: "0644"
@@ -30,7 +30,7 @@
[[registry.mirror]] [[registry.mirror]]
prefix = docker.io prefix = docker.io
location = "{{ podman_registry_mirror }}" location = "{{ podman_registry_mirror }}"
copy: ansible.builtin.copy:
content: "{{ registry_mirror }}" content: "{{ registry_mirror }}"
dest: /etc/containers/registries.conf.d/registry-mirror.conf dest: /etc/containers/registries.conf.d/registry-mirror.conf
mode: "0644" mode: "0644"
@@ -46,14 +46,14 @@
{% if podman_runtime_directory is not none %} {% if podman_runtime_directory is not none %}
runroot = {{ podman_runtime_directory }} runroot = {{ podman_runtime_directory }}
{% endif %} {% endif %}
copy: ansible.builtin.copy:
content: "{{ config }}" content: "{{ config }}"
dest: /etc/containers/storage.conf.d/storage.conf dest: /etc/containers/storage.conf.d/storage.conf
mode: "0644" mode: "0644"
when: podman_storage_driver is not none or podman_runtime_directory is not none when: podman_storage_driver is not none or podman_runtime_directory is not none
- name: Ensure the path for CA file for podman registry exists - name: Ensure the path for CA file for podman registry exists
file: ansible.builtin.file:
path: "/etc/containers/certs.d/{{ podman_registry }}" path: "/etc/containers/certs.d/{{ podman_registry }}"
owner: root owner: root
group: root group: root
@@ -66,14 +66,14 @@
- not podman_registry_insecure | bool - not podman_registry_insecure | bool
- name: Write kolla.conf to containers.conf.d - name: Write kolla.conf to containers.conf.d
template: ansible.builtin.template:
src: "kolla.conf.j2" src: "kolla.conf.j2"
dest: "/etc/containers/containers.conf.d/kolla.conf" dest: "/etc/containers/containers.conf.d/kolla.conf"
mode: "0664" mode: "0664"
become: true become: true
- name: Ensure the CA file for private registry exists - name: Ensure the CA file for private registry exists
copy: ansible.builtin.copy:
src: "{{ private_registry_ca }}" src: "{{ private_registry_ca }}"
dest: "/etc/containers/certs.d/{{ private_registry }}/ca.crt" dest: "/etc/containers/certs.d/{{ private_registry }}/ca.crt"
owner: root owner: root
@@ -87,7 +87,7 @@
- name: Copying over /run subdirectories conf - name: Copying over /run subdirectories conf
become: true become: true
template: ansible.builtin.template:
src: kolla-directories.conf.j2 src: kolla-directories.conf.j2
dest: /etc/tmpfiles.d/kolla.conf dest: /etc/tmpfiles.d/kolla.conf
mode: "0644" mode: "0644"
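Review bot: `Write kolla.conf to containers.conf.d` installs /etc/containers/containers.conf.d/kolla.conf with `mode: "0664"`, while the other files this section writes under /etc/containers use `"0644"`. A group-writable engine configuration file is wider than the task appears to need. Unless group write is relied on somewhere not shown in these hunks, `mode: "0644"` would match the rest of the file and keep the configuration writable by its owner only.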


@@ -2,20 +2,21 @@
# Upgrading podman engine may cause containers to stop. Take a snapshot of the # Upgrading podman engine may cause containers to stop. Take a snapshot of the
# running containers prior to a potential upgrade of Podman. # running containers prior to a potential upgrade of Podman.
- name: Check which containers are running - name: Check which containers are running
command: podman ps -f 'status=running' -q
become: true become: true
ansible.builtin.command:
cmd: podman ps -f 'status=running' -q
# If Podman is not installed this command may exit non-zero. # If Podman is not installed this command may exit non-zero.
failed_when: false failed_when: false
changed_when: false changed_when: false
register: running_containers register: running_containers
- name: Install packages - name: Install packages
package: become: true
ansible.builtin.package:
name: "{{ podman_packages | select | list }}" name: "{{ podman_packages | select | list }}"
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
update_cache: true update_cache: true
state: present state: present
become: true
register: podman_install_result register: podman_install_result
# If any packages were updated, and any containers were running, wait for the # If any packages were updated, and any containers were running, wait for the
@@ -23,7 +24,7 @@
- name: Start podman.socket - name: Start podman.socket
become: true become: true
service: ansible.builtin.service:
name: podman.socket name: podman.socket
state: started state: started
enabled: true enabled: true
@@ -34,8 +35,9 @@
- running_containers.stdout != '' - running_containers.stdout != ''
block: block:
- name: Wait for Podman to start - name: Wait for Podman to start
command: podman info
become: true become: true
ansible.builtin.command:
cmd: podman info
changed_when: false changed_when: false
register: result register: result
until: result is success until: result is success
@@ -43,8 +45,9 @@
delay: 10 delay: 10
- name: Ensure containers are running after Podman upgrade - name: Ensure containers are running after Podman upgrade
command: "podman start {{ running_containers.stdout }}" ansible.builtin.command:
cmd: "podman start {{ running_containers.stdout }}"
become: true become: true
changed_when: true changed_when: true
- import_tasks: config.yml - ansible.builtin.import_tasks: config.yml


@@ -1,5 +1,5 @@
--- ---
- include_tasks: "{{ package_action }}.yml" - ansible.builtin.include_tasks: "{{ package_action }}.yml"
- name: Flush handlers - name: Flush handlers
meta: flush_handlers ansible.builtin.meta: flush_handlers


@@ -1,27 +1,29 @@
--- ---
- name: Check for leftover containers - name: Check for leftover containers
command: podman ps -q ansible.builtin.command:
cmd: podman ps -q
become: true become: true
changed_when: false changed_when: false
failed_when: false failed_when: false
register: containers register: containers
- name: Check for leftover volumes - name: Check for leftover volumes
command: podman volume ls -q ansible.builtin.command:
cmd: podman volume ls -q
become: true become: true
changed_when: false changed_when: false
failed_when: false failed_when: false
register: volumes register: volumes
- name: Fail if there are any containers - name: Fail if there are any containers
assert: ansible.builtin.assert:
that: (containers.stdout_lines | length) == 0 that: (containers.stdout_lines | length) == 0
fail_msg: |- fail_msg: |-
There are still some containers left over! There are still some containers left over!
Remove them before uninstalling container engine! Remove them before uninstalling container engine!
- name: Fail if there are any volumes - name: Fail if there are any volumes
assert: ansible.builtin.assert:
that: (volumes.stdout_lines | length) == 0 that: (volumes.stdout_lines | length) == 0
fail_msg: |- fail_msg: |-
There are still some volumes left over! There are still some volumes left over!
@@ -29,7 +31,7 @@
- name: Uninstall podman packages - name: Uninstall podman packages
become: true become: true
package: ansible.builtin.package:
name: "{{ podman_packages | select | list }}" name: "{{ podman_packages | select | list }}"
autoclean: true autoclean: true
state: absent state: absent
@@ -39,11 +41,11 @@
# qemu-kvm processes running that prevent the removal # qemu-kvm processes running that prevent the removal
- name: Cleanup docker files - name: Cleanup docker files
become: true become: true
file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent
loop: "{{ podman_paths }}" loop: "{{ podman_paths }}"
rescue: rescue:
- name: Unable to remove all files - name: Unable to remove all files
debug: ansible.builtin.debug:
var: ansible_failed_result var: ansible_failed_result
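Review bot: `Check for leftover containers` and `Check for leftover volumes` both set `failed_when: false`, so a `podman ps -q` or `podman volume ls -q` that errors out typically leaves `stdout_lines` empty and the two asserts pass as if nothing were left over. The later `Cleanup docker files` task then removes every path in `podman_paths`, so a failed check can lead directly to deleting data that the asserts are meant to protect. If the only failure meant to be tolerated is podman not being installed, that case is better detected separately, with the two checks left to fail on any other error; at minimum each assert could also require `containers.rc == 0` / `volumes.rc == 0`. The block that carries the `rescue:` starts outside the visible hunks, and the contents of `podman_paths` are not shown here.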


@@ -7,32 +7,32 @@
- virtualenv is none - virtualenv is none
block: block:
- name: Ensure apt sources list directory exists - name: Ensure apt sources list directory exists
file: ansible.builtin.file:
path: /etc/apt/sources.list.d path: /etc/apt/sources.list.d
state: directory state: directory
recurse: true recurse: true
- name: Ensure apt keyrings directory exists - name: Ensure apt keyrings directory exists
file: ansible.builtin.file:
path: /etc/apt/keyrings path: /etc/apt/keyrings
state: directory state: directory
recurse: true recurse: true
- name: Install osbpo apt gpg key - name: Install osbpo apt gpg key
template: ansible.builtin.template:
src: osbpo_pubkey.gpg.j2 src: osbpo_pubkey.gpg.j2
dest: /etc/apt/keyrings/osbpo.asc dest: /etc/apt/keyrings/osbpo.asc
mode: "0644" mode: "0644"
- name: Ensure old osbpo apt repository absent - name: Ensure old osbpo apt repository absent
file: ansible.builtin.file:
path: /etc/apt/sources.list.d/osbpo.list path: /etc/apt/sources.list.d/osbpo.list
state: absent state: absent
# TODO(mmalchuk): replace with ansible.builtin.deb822_repository module # TODO(mmalchuk): replace with ansible.builtin.deb822_repository module
# when all stable releases moves to the ansible-core >= 2.15 # when all stable releases moves to the ansible-core >= 2.15
- name: Enable osbpo apt repository - name: Enable osbpo apt repository
copy: ansible.builtin.copy:
dest: /etc/apt/sources.list.d/docker.sources dest: /etc/apt/sources.list.d/docker.sources
content: | content: |
# Ansible managed # Ansible managed
@@ -45,11 +45,11 @@
mode: "0644" mode: "0644"
- name: Update the apt cache - name: Update the apt cache
apt: ansible.builtin.apt:
update_cache: true update_cache: true
- name: Install packages - name: Install packages
package: ansible.builtin.package:
name: "{{ podman_sdk_packages | select | list }}" name: "{{ podman_sdk_packages | select | list }}"
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
update_cache: "{{ true if ansible_facts.os_family == 'Debian' else omit }}" update_cache: "{{ true if ansible_facts.os_family == 'Debian' else omit }}"
@@ -57,7 +57,7 @@
become: true become: true
- name: Check if virtualenv is a directory - name: Check if virtualenv is a directory
stat: ansible.builtin.stat:
path: "{{ virtualenv }}" path: "{{ virtualenv }}"
register: virtualenv_stat register: virtualenv_stat
when: virtualenv is not none and virtualenv | length > 0 when: virtualenv is not none and virtualenv | length > 0
@@ -65,7 +65,8 @@
# NOTE(kevko) Packaging needs to be installed before ansible's pip module is used # NOTE(kevko) Packaging needs to be installed before ansible's pip module is used
# This is in case user created venv manually # This is in case user created venv manually
- name: Check if packaging is already installed - name: Check if packaging is already installed
command: "{{ virtualenv }}/bin/pip show packaging" ansible.builtin.command:
cmd: "{{ virtualenv }}/bin/pip show packaging"
become: true become: true
become_user: "{{ podman_sdk_virtualenv_owner }}" become_user: "{{ podman_sdk_virtualenv_owner }}"
register: packaging_installed register: packaging_installed
@@ -79,7 +80,8 @@
- virtualenv_stat.stat.isdir - virtualenv_stat.stat.isdir
- name: Install packaging into virtualenv - name: Install packaging into virtualenv
command: "{{ virtualenv }}/bin/python -m pip install packaging" ansible.builtin.command:
cmd: "{{ virtualenv }}/bin/python -m pip install packaging"
become: true become: true
become_user: "{{ podman_sdk_virtualenv_owner }}" become_user: "{{ podman_sdk_virtualenv_owner }}"
check_mode: false check_mode: false
@@ -92,7 +94,7 @@
- packaging_installed.rc != 0 - packaging_installed.rc != 0
- name: Install latest pip and packaging in the virtualenv - name: Install latest pip and packaging in the virtualenv
pip: ansible.builtin.pip:
# NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2 # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2
name: name:
- "pip>19.3" - "pip>19.3"
@@ -105,7 +107,7 @@
when: virtualenv is not none when: virtualenv is not none
- name: Install podman SDK for python - name: Install podman SDK for python
pip: ansible.builtin.pip:
name: "{{ podman_sdk_core_pip_packages + podman_sdk_additional_pip_packages }}" name: "{{ podman_sdk_core_pip_packages + podman_sdk_additional_pip_packages }}"
executable: "{{ (virtualenv is none) | ternary(ansible_facts.python.executable | regex_replace('python(\\d+(\\.\\d+)?)$', 'pip\\1'), omit) }}" executable: "{{ (virtualenv is none) | ternary(ansible_facts.python.executable | regex_replace('python(\\d+(\\.\\d+)?)$', 'pip\\1'), omit) }}"
extra_args: "{% if podman_sdk_upper_constraints_file %}-c {{ podman_sdk_upper_constraints_file }}{% endif %}" extra_args: "{% if podman_sdk_upper_constraints_file %}-c {{ podman_sdk_upper_constraints_file }}{% endif %}"
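Review bot: `Install packaging into virtualenv` runs `{{ virtualenv }}/bin/python -m pip install packaging` with no version bound and without the `-c {{ podman_sdk_upper_constraints_file }}` that `Install podman SDK for python` passes through `extra_args`, so this bootstrap step installs whatever the package index serves at run time. To keep the dependency set reproducible, the command could honour the same constraints file when it is set, e.g. `cmd: "{{ virtualenv }}/bin/python -m pip install {{ ('-c ' ~ podman_sdk_upper_constraints_file) if podman_sdk_upper_constraints_file else '' }} packaging"`. Whether that constraints file pins packaging is not visible here and should be confirmed. The docker SDK install tasks earlier in this commit use the same unconstrained command.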


@@ -14,8 +14,8 @@
register: python_externally_managed register: python_externally_managed
- name: Set podman_sdk_python_externally_managed fact - name: Set podman_sdk_python_externally_managed fact
set_fact: ansible.builtin.set_fact:
podman_sdk_python_externally_managed: true podman_sdk_python_externally_managed: true
when: python_externally_managed.stat.exists when: python_externally_managed.stat.exists
- include_tasks: "{{ package_action }}.yml" - ansible.builtin.include_tasks: "{{ package_action }}.yml"


@@ -1,6 +1,6 @@
--- ---
- name: Uninstall podman SDK for python - name: Uninstall podman SDK for python
pip: ansible.builtin.pip:
name: "{{ podman_sdk_core_pip_packages }}" name: "{{ podman_sdk_core_pip_packages }}"
executable: "{{ (virtualenv is none) | ternary(ansible_facts.python.executable | regex_replace('python(\\d+(\\.\\d+)?)$', 'pip\\1'), omit) }}" executable: "{{ (virtualenv is none) | ternary(ansible_facts.python.executable | regex_replace('python(\\d+(\\.\\d+)?)$', 'pip\\1'), omit) }}"
virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}" virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"