Make buildah login optional

Buildah login is not needed always, it's needed
when pushing to container registeries, so make it
optional by role var tripleo_podman_buildah_login set
to false by default.

Related-Bug: #1886555
Change-Id: Ibb91dfa9684b481dea34607fc47c0d531d56ee45

tripleo_ansible/roles/tripleo_podman/defaults/main.yml

@@ -19,6 +19,7 @@
 tripleo_podman_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
 tripleo_podman_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
 
+tripleo_podman_buildah_login: false
 tripleo_container_registry_insecure_registries: []
 tripleo_container_registry_login: false
 tripleo_container_registry_logins: {}

tripleo_ansible/roles/tripleo_podman/molecule/login/converge.yml

@@ -18,6 +18,7 @@
 - name: Converge
   hosts: all
   vars:
+    tripleo_podman_buildah_login: true
     tripleo_podman_tls_verify: false
     tripleo_container_registry_logins:
       localhost:5000:
@@ -26,3 +27,6 @@
     - include_role:
         name: tripleo_podman
         tasks_from: tripleo_podman_login.yml
+    - include_role:
+        name: tripleo_podman
+        tasks_from: tripleo_podman_buildah_login.yml

tripleo_ansible/roles/tripleo_podman/tasks/main.yml

@@ -52,3 +52,10 @@
   when:
     - tripleo_container_registry_login | bool
     - tripleo_container_registry_logins
+
+- name: Buildah setup
+  import_tasks: tripleo_podman_buildah_login.yml
+  when:
+    - tripleo_podman_buildah_login | bool
+    - tripleo_container_registry_login | bool
+    - tripleo_container_registry_logins

tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_buildah_login.yml

@@ -0,0 +1,37 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: ensure buildah is installed
+  become: true
+  package:
+    name: "buildah"
+    state: latest
+
+- name: Perform container registry login(s) with buildah
+  become: true
+  shell: |-
+    buildah login --username=$REGISTRY_USERNAME \
+                  --password=$REGISTRY_PASSWORD \
+                  --tls-verify={{ tripleo_podman_tls_verify }} \
+                  $REGISTRY
+  environment:
+    REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}"
+    REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}"
+    REGISTRY: "{{ item.key }}"
+  no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}"
+  loop: "{{ query('dict', tripleo_container_registry_logins) }}"
+  register: registry_login_buildah

tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml

@@ -29,18 +29,3 @@
   no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}"
   loop: "{{ query('dict', tripleo_container_registry_logins) }}"
   register: registry_login_podman
-
-- name: Perform container registry login(s) with buildah
-  become: true
-  shell: |-
-    buildah login --username=$REGISTRY_USERNAME \
-                  --password=$REGISTRY_PASSWORD \
-                  --tls-verify={{ tripleo_podman_tls_verify }} \
-                  $REGISTRY
-  environment:
-    REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}"
-    REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}"
-    REGISTRY: "{{ item.key }}"
-  no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}"
-  loop: "{{ query('dict', tripleo_container_registry_logins) }}"
-  register: registry_login_buildah

tripleo_ansible/roles/tripleo_podman/vars/redhat.yml

@@ -17,7 +17,6 @@
 
 _tripleo_podman_packages:
   - podman
-  - buildah
 
 _tripleo_podman_purge_packages:
   - docker