Merge "[TRAIN-Only] Allow configuration of the default podman network" into stable/train
commit
93c0b4c4c1
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
A new variable named `tripleo_podman_default_network_config` has been added
|
||||
to be able to configure the default network used by podman.
|
||||
The network configue needs to be a json (or yaml) representation of a
|
||||
cni network configuration.
|
||||
NOTE: The network is not applied if it's already running which is
|
||||
indicated by the existance of a cni-podman0 interface.
|
|
@ -26,3 +26,4 @@ tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([])
|
|||
tripleo_podman_tls_verify: true
|
||||
tripleo_podman_debug: false
|
||||
tripleo_podman_buildah_login: false
|
||||
tripleo_podman_default_network_config: {}
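Review bot: The new default `tripleo_podman_default_network_config: {}` has no comment, and the install task in this commit renders the variable with `to_json` into /etc/cni/net.d/87-podman-bridge.conflist, so the default produces a file containing only an empty JSON object. That is presumably intentional, since the earlier task wrote empty content to the same file, but a reader of the defaults cannot tell. I would add above the variable something like `# CNI conflist as a mapping, written as JSON to 87-podman-bridge.conflist; {} writes an empty object, i.e. no usable default network`.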
|
||||
|
|
|
@ -17,9 +17,35 @@
|
|||
|
||||
- name: Converge
|
||||
hosts: all
|
||||
vars:
|
||||
tripleo_podman_default_network_config:
|
||||
cniVersion: 0.4.0
|
||||
name: podman
|
||||
plugins:
|
||||
- type: bridge
|
||||
bridge: cni-podman0
|
||||
isGateway: true
|
||||
ipMasq: true
|
||||
hairpinMode: true
|
||||
ipam:
|
||||
type: host-local
|
||||
routes:
|
||||
- dst: 0.0.0.0/0
|
||||
ranges:
|
||||
- - subnet: 10.255.255.0/24
|
||||
gateway: 10.255.255.1
|
||||
- type: portmap
|
||||
capabilities:
|
||||
portMappings: true
|
||||
- type: firewall
|
||||
- type: tuning
|
||||
tasks:
|
||||
- name: Run install
|
||||
include_role:
|
||||
name: tripleo-podman
|
||||
tasks_from: tripleo_podman_install.yml
|
||||
vars_from: "redhat.yml"
|
||||
# https://bugs.launchpad.net/bugs/1889510
|
||||
- name: Test podman network ls
|
||||
become: true
|
||||
command: podman network ls
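Review bot: The new `Test podman network ls` task only proves that the command exits 0; it does not check that the mapping given in `tripleo_podman_default_network_config` actually reached the CNI configuration, so a regression in the copy task would still pass. Consider reading /etc/cni/net.d/87-podman-bridge.conflist back and asserting that it contains the subnet `10.255.255.0/24`, and add `changed_when: false` to the command so a read-only check does not report a change. The same network mapping is repeated verbatim in the Prepare play later in this commit, so the two copies can drift apart.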
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
---
|
||||
driver:
|
||||
name: delegated
|
||||
options:
|
||||
managed: false
|
||||
login_cmd_template: >-
|
||||
ssh
|
||||
-o UserKnownHostsFile=/dev/null
|
||||
-o StrictHostKeyChecking=no
|
||||
-o Compression=no
|
||||
-o TCPKeepAlive=yes
|
||||
-o VerifyHostKeyDNS=no
|
||||
-o ForwardX11=no
|
||||
-o ForwardAgent=no
|
||||
{instance}
|
||||
ansible_connection_options:
|
||||
ansible_connection: ssh
|
||||
|
||||
log: true
|
||||
|
||||
platforms:
|
||||
- name: instance
|
||||
|
||||
provisioner:
|
||||
name: ansible
|
||||
config_options:
|
||||
defaults:
|
||||
fact_caching: jsonfile
|
||||
fact_caching_connection: /tmp/molecule/facts
|
||||
inventory:
|
||||
hosts:
|
||||
all:
|
||||
hosts:
|
||||
instance:
|
||||
ansible_host: localhost
|
||||
log: true
|
||||
env:
|
||||
ANSIBLE_STDOUT_CALLBACK: yaml
|
||||
ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles"
|
||||
ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}"
|
||||
ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}"
|
||||
|
||||
scenario:
|
||||
test_sequence:
|
||||
- prepare
|
||||
- converge
|
||||
- check
|
||||
|
||||
verifier:
|
||||
name: testinfra
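Review bot: `fact_caching_connection: /tmp/molecule/facts` places the JSON fact cache at a fixed path under the world-writable /tmp, while the install task changed in this commit decides whether to rewrite the CNI configuration from `ansible_interfaces`. On a shared or reused node the cache can hold facts written by another user or an earlier run, so that condition may be evaluated on data that does not describe the host. A per-user location avoids this, for example `fact_caching_connection: "${HOME}/.cache/molecule/facts"`, using the same `${HOME}` expansion the `env` block already relies on. The `login_cmd_template` turns off host key verification (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`); a one-line comment that this is acceptable only because the instance is `localhost` would keep it from being copied elsewhere.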
|
|
@ -0,0 +1,32 @@
|
|||
---
|
||||
# Copyright 2019 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
|
||||
- name: Converge
|
||||
hosts: all
|
||||
vars:
|
||||
tripleo_podman_buildah_login: true
|
||||
tripleo_podman_tls_verify: false
|
||||
tripleo_container_registry_logins:
|
||||
localhost:5000:
|
||||
testuser: testpassword
|
||||
tasks:
|
||||
- include_role:
|
||||
name: tripleo-podman
|
||||
tasks_from: tripleo_podman_login.yml
|
||||
- include_role:
|
||||
name: tripleo-podman
|
||||
tasks_from: tripleo_podman_buildah_login.yml
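Review bot: `tripleo_podman_tls_verify: false` together with the inline `testuser: testpassword` login is reasonable only because the target is the throwaway registry at `localhost:5000`, and nothing in the file says so. A comment above the vars, such as `# test fixture: local registry with throwaway credentials and no TLS; do not reuse outside molecule`, would stop the pattern from being copied into a real playbook. The two `include_role` tasks also have no `name:`, unlike `Run install` in the other converge play, which makes a failure harder to locate in the log.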
|
|
@ -0,0 +1,107 @@
|
|||
---
|
||||
# Copyright 2019 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
|
||||
- name: Prepare
|
||||
hosts: all
|
||||
gather_facts: true
|
||||
vars:
|
||||
tripleo_podman_default_network_config:
|
||||
cniVersion: 0.4.0
|
||||
name: podman
|
||||
plugins:
|
||||
- type: bridge
|
||||
bridge: cni-podman0
|
||||
isGateway: true
|
||||
ipMasq: true
|
||||
hairpinMode: true
|
||||
ipam:
|
||||
type: host-local
|
||||
routes:
|
||||
- dst: 0.0.0.0/0
|
||||
ranges:
|
||||
- - subnet: 10.255.255.0/24
|
||||
gateway: 10.255.255.1
|
||||
- type: portmap
|
||||
capabilities:
|
||||
portMappings: true
|
||||
- type: firewall
|
||||
- type: tuning
|
||||
|
||||
pre_tasks:
|
||||
- name: set basic user fact
|
||||
set_fact:
|
||||
ansible_user: "{{ lookup('env', 'USER') }}"
|
||||
when:
|
||||
- ansible_user is undefined
|
||||
|
||||
- name: set basic home fact
|
||||
set_fact:
|
||||
ansible_user_dir: "{{ lookup('env', 'HOME') }}"
|
||||
when:
|
||||
- ansible_user_dir is undefined
|
||||
|
||||
roles:
|
||||
- role: test_deps
|
||||
|
||||
tasks:
|
||||
- name: Disable SELinux
|
||||
become: true
|
||||
selinux:
|
||||
state: disabled
|
||||
|
||||
- name: Ensure registry doesn't exist
|
||||
podman_container:
|
||||
name: registry
|
||||
state: absent
|
||||
|
||||
- name: Pull ubuntu image
|
||||
podman_image:
|
||||
name: ubuntu
|
||||
tag: 16.04
|
||||
|
||||
- name: Create auth directory
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ ansible_user_dir }}/auth"
|
||||
|
||||
- name: Create registry
|
||||
shell: |-
|
||||
podman tag ubuntu:16.04 localhost:5000/my-ubuntu
|
||||
podman run --entrypoint htpasswd registry:2.7.0 -Bbn testuser testpassword > {{ ansible_user_dir }}/auth/htpasswd
|
||||
args:
|
||||
executable: /bin/bash
|
||||
|
||||
- name: Create registry
|
||||
podman_container:
|
||||
name: registry
|
||||
image: "registry:2.7.0"
|
||||
restart_policy: always
|
||||
detach: true
|
||||
ports:
|
||||
- "5000:5000"
|
||||
volume:
|
||||
- "{{ ansible_user_dir }}/auth:/auth"
|
||||
env:
|
||||
REGISTRY_AUTH: "htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm"
|
||||
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
||||
|
||||
- name: Run install
|
||||
include_role:
|
||||
name: tripleo-podman
|
||||
tasks_from: tripleo_podman_install.yml
|
||||
vars_from: "redhat.yml"
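Review bot: The `Disable SELinux` task sets `state: disabled` under `become: true`, and if this play runs under the delegated driver with `ansible_host: localhost` added elsewhere in this commit, it changes the persistent SELinux setting of the node that runs the test. If the scenario only needs denials not to block podman, `state: permissive` with `policy: targeted` is less invasive, and a comment stating why enforcement is relaxed would help. Separately, `tag: 16.04` is an unquoted scalar that YAML reads as a float; `tag: '16.04'` keeps it a string. Two tasks are both named `Create registry`, so renaming the first to something like `Tag image and create htpasswd file` would make the log unambiguous.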
|
|
@ -26,30 +26,23 @@
|
|||
name: "{{ tripleo_podman_packages }}"
|
||||
state: latest
|
||||
|
||||
- name: Check for cni0 interface
|
||||
command: ip link show cni0
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
register: cni0_interface
|
||||
|
||||
- name: Delete cni0 interface
|
||||
- name: Delete legacy cni0 interface (podman < 1.6)
|
||||
command: ip link delete cni0
|
||||
when:
|
||||
- cni0_interface.rc is defined
|
||||
- cni0_interface.rc == 0
|
||||
- '"cni0" in ansible_interfaces'
|
||||
|
||||
- name: Check if 87-podman-bridge.conflist exists
|
||||
stat:
|
||||
path: /etc/cni/net.d/87-podman-bridge.conflist
|
||||
register: podman_bridge_config
|
||||
|
||||
- name: Remove default cni config for cni0 if exists
|
||||
# don't update the network config if the network is already running
|
||||
# meaning cni-podman0 is running somewhere
|
||||
- name: Update default network configuration if possible
|
||||
copy:
|
||||
dest: /etc/cni/net.d/87-podman-bridge.conflist
|
||||
content: ''
|
||||
force: true
|
||||
content: "{{ tripleo_podman_default_network_config | to_json }}"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
when:
|
||||
- podman_bridge_config.stat.exists | bool
|
||||
- '"cni-podman0" not in ansible_interfaces'
|
||||
|
||||
|
||||
- name: configure insecure registries /etc/containers/registries.conf
|
||||
ini_file:
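Review bot: Both new conditions, `"cni0" in ansible_interfaces` and `"cni-podman0" not in ansible_interfaces`, depend on gathered facts, whereas the `ip link show cni0` probe they appear to replace looked at the live host. With fact gathering off the tasks fail on an undefined variable, and with cached facts (the molecule config in this commit sets `fact_caching: jsonfile`) the check can act on an outdated interface list and overwrite the configuration of a network that is in fact running. A `setup` task limited to `gather_subset: network` placed directly before these two tasks would base the decision on current data. The rendered hunk does not mark which lines were removed, so the old/new reading here is inferred from the hunk counts, and the task list continues outside the hunk.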
|
||||
|
|