Create a podman role

This change creates a role using the podman content from
THT[0]. This role will run through all of the tasks found
within the THT file, and implements molecule tests covering
the functionality.

Test Matrix:
  - default - Runs through the role top to bottom
  - install - Runs only the install portions of the role
  - login - Runs only the login portion of the role

[0] - https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/podman/podman-baremetal-ansible.yaml

Task: 34598
Task: 34600
Task: 34601
Story: 2006017

Change-Id: Ia7fd611320d2f29b330a04484dca3146d74d8d82
Signed-off-by: Kevin Carter <kecarter@redhat.com>
changes/00/671100/2
Kevin Carter 3 years ago committed by Kevin Carter
parent 48704c00df
commit 9912b049e9
No known key found for this signature in database
GPG Key ID: CE94BD890A47B20A
  1. 6
      doc/source/roles/role-tripleo-podman.rst
  2. 25
      tripleo_ansible/roles/tripleo-podman/defaults/main.yml
  3. 44
      tripleo_ansible/roles/tripleo-podman/meta/main.yml
  4. 54
      tripleo_ansible/roles/tripleo-podman/molecule/default/molecule.yml
  5. 21
      tripleo_ansible/roles/tripleo-podman/molecule/default/playbook.yml
  6. 76
      tripleo_ansible/roles/tripleo-podman/molecule/default/prepare.yml
  7. 54
      tripleo_ansible/roles/tripleo-podman/molecule/install/molecule.yml
  8. 25
      tripleo_ansible/roles/tripleo-podman/molecule/install/playbook.yml
  9. 23
      tripleo_ansible/roles/tripleo-podman/molecule/install/prepare.yml
  10. 54
      tripleo_ansible/roles/tripleo-podman/molecule/login/molecule.yml
  11. 28
      tripleo_ansible/roles/tripleo-podman/molecule/login/playbook.yml
  12. 62
      tripleo_ansible/roles/tripleo-podman/molecule/login/prepare.yml
  13. 51
      tripleo_ansible/roles/tripleo-podman/tasks/main.yml
  14. 62
      tripleo_ansible/roles/tripleo-podman/tasks/tripleo_docker_purge.yml
  15. 32
      tripleo_ansible/roles/tripleo-podman/tasks/tripleo_docker_stop.yml
  16. 51
      tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_install.yml
  17. 29
      tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_login.yml
  18. 25
      tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_purge.yml
  19. 23
      tripleo_ansible/roles/tripleo-podman/vars/redhat.yml
  20. 9
      zuul.d/molecule.yaml

@ -0,0 +1,6 @@
=====================
Role - tripleo-podman
=====================
.. ansibleautoplugin::
:role: tripleo_ansible/roles/tripleo-podman

@ -0,0 +1,25 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should place placed in this file.
tripleo_container_registry_insecure_registries: []
tripleo_container_registry_login: false
tripleo_container_registry_logins: {}
tripleo_podman_packages: "{{ _tripleo_podman_packages | default([]) }}"
tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([]) }}"
tripleo_podman_tls_verify: true
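Review bot: The only comment on these defaults has a typo, "should place placed", and none of the variables is described. Suggested header: `# All variables intended for modification should be placed in this file.` Add a comment on `tripleo_container_registry_logins` giving its shape as used by the login tasks and the molecule login scenario (registry mapped to `{username: password}`), and saying that real values belong in a vault or secret store rather than plain-text vars. A line on `tripleo_container_registry_insecure_registries` should say that entries are written to the `registries.insecure` section of /etc/containers/registries.conf.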

@ -0,0 +1,44 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo-podman
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: Fedora
versions:
- 28
- name: CentOS
versions:
- 7
galaxy_tags:
- tripleo
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
dependencies: []
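Review bot: `min_ansible_version: 2.7` is an unquoted scalar, so a YAML parser reads it as a float rather than a version string. That is harmless for 2.7, but a later bump to a value such as 2.10 would silently become 2.1. Quote it: `min_ansible_version: "2.7"`.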

@ -0,0 +1,54 @@
---
driver:
name: delegated
options:
managed: false
login_cmd_template: >-
ssh
-o UserKnownHostsFile=/dev/null
-o StrictHostKeyChecking=no
-o Compression=no
-o TCPKeepAlive=yes
-o VerifyHostKeyDNS=no
-o ForwardX11=no
-o ForwardAgent=no
{instance}
ansible_connection_options:
ansible_connection: ssh
log: true
platforms:
- name: instance
provisioner:
name: ansible
config_options:
defaults:
fact_caching: jsonfile
fact_caching_connection: /tmp/molecule/facts
inventory:
hosts:
all:
hosts:
instance:
ansible_host: localhost
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles"
scenario:
name: default
test_sequence:
- prepare
- converge
- verify
lint:
enabled: false
verifier:
name: testinfra
lint:
name: flake8
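Review bot: `fact_caching_connection: /tmp/molecule/facts` puts the JSON fact cache at a fixed path under the world-writable /tmp, and Ansible reads cached facts back as host data. On a shared test node, a path under the scenario directory or `$HOME` would be safer. The same setting is repeated in the install and login `molecule.yml` sections. The `login_cmd_template` also turns off host key checking (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`), which is tolerable only because the inventory host is `localhost`. A comment saying so would keep the template from being copied to a remote target.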

@ -0,0 +1,21 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
roles:
- role: "tripleo-podman"

@ -0,0 +1,76 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
become: true
gather_facts: true
pre_tasks:
- name: Check for docker cli
command: "command -v docker"
register: docker_cli
failed_when: false
changed_when: false
- name: Check for docker connection
command: "docker ps"
register: docker_ps
failed_when: false
changed_when: false
- name: set basic user fact
set_fact:
ansible_user: "{{ lookup('env', 'USER') }}"
when:
- ansible_user is undefined
- name: set basic home fact
set_fact:
ansible_user_dir: "{{ lookup('env', 'HOME') }}"
when:
- ansible_user_dir is undefined
roles:
- role: test_deps
- role: install-docker
when:
- (docker_cli.rc != 0) or
(docker_ps.rc != 0)
post_tasks:
- name: Install docker-sdk
pip:
name: docker
virtualenv: "{{ ansible_user_dir }}/test-python"
virtualenv_site_packages: true
- name: pull an image
docker_image:
name: fedora:28
source: pull
vars:
ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
- name: Create a data container
docker_container:
name: "{{ item }}"
image: fedora:28
detach: true
command: sleep 1d
with_items:
- docker-container1
- docker-container2
vars:
ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
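Review bot: "Check for docker cli" runs `command -v docker` through the `command` module, which does not use a shell, so the check depends on a standalone `command` executable existing on the host. Where there is none, the task records a non-zero rc for a reason unrelated to docker, `failed_when: false` hides it, and `install-docker` runs regardless. `shell: command -v docker` states the intent directly. The `pip` task also installs `docker` with no version constraint, so the SDK under test can change between runs.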

@ -0,0 +1,54 @@
---
driver:
name: delegated
options:
managed: false
login_cmd_template: >-
ssh
-o UserKnownHostsFile=/dev/null
-o StrictHostKeyChecking=no
-o Compression=no
-o TCPKeepAlive=yes
-o VerifyHostKeyDNS=no
-o ForwardX11=no
-o ForwardAgent=no
{instance}
ansible_connection_options:
ansible_connection: ssh
log: true
platforms:
- name: instance
provisioner:
name: ansible
config_options:
defaults:
fact_caching: jsonfile
fact_caching_connection: /tmp/molecule/facts
inventory:
hosts:
all:
hosts:
instance:
ansible_host: localhost
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles"
scenario:
name: install
test_sequence:
- prepare
- converge
- verify
lint:
enabled: false
verifier:
name: testinfra
lint:
name: flake8

@ -0,0 +1,25 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
tasks:
- name: Run install
include_role:
name: tripleo-podman
tasks_from: tripleo_podman_install.yml
vars_from: "redhat.yml"

@ -0,0 +1,23 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
become: true
gather_facts: true
roles:
- role: test_deps

@ -0,0 +1,54 @@
---
driver:
name: delegated
options:
managed: false
login_cmd_template: >-
ssh
-o UserKnownHostsFile=/dev/null
-o StrictHostKeyChecking=no
-o Compression=no
-o TCPKeepAlive=yes
-o VerifyHostKeyDNS=no
-o ForwardX11=no
-o ForwardAgent=no
{instance}
ansible_connection_options:
ansible_connection: ssh
log: true
platforms:
- name: instance
provisioner:
name: ansible
config_options:
defaults:
fact_caching: jsonfile
fact_caching_connection: /tmp/molecule/facts
inventory:
hosts:
all:
hosts:
instance:
ansible_host: localhost
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles"
scenario:
name: login
test_sequence:
- prepare
- converge
- verify
lint:
enabled: false
verifier:
name: testinfra
lint:
name: flake8

@ -0,0 +1,28 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
vars:
tripleo_podman_tls_verify: false
tripleo_container_registry_logins:
localhost:5000:
testuser: testpassword
tasks:
- include_role:
name: tripleo-podman
tasks_from: tripleo_podman_login.yml
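Review bot: `tripleo_podman_tls_verify: false` and the `testuser: testpassword` pair carry no comment saying they are test-only values. The registry started in this scenario's prepare playbook appears to be served without TLS, which is presumably why verification is off. A comment such as `# TLS verification is off only for the throwaway registry on localhost:5000` would make that explicit. The `include_role` task also has no `name`, unlike the equivalent task in the install scenario.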

@ -0,0 +1,62 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
become: true
gather_facts: true
pre_tasks:
- name: set basic user fact
set_fact:
ansible_user: "{{ lookup('env', 'USER') }}"
when:
- ansible_user is undefined
- name: set basic home fact
set_fact:
ansible_user_dir: "{{ lookup('env', 'HOME') }}"
when:
- ansible_user_dir is undefined
roles:
- role: test_deps
- role: install-docker
tasks:
- name: Create a docker registry
become: true
shell: |-
docker pull ubuntu:16.04
docker tag ubuntu:16.04 localhost:5000/my-ubuntu
mkdir auth
docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswd
docker container stop registry
docker run -d -p 5000:5000 --restart=always \
--name registry \
-v "$(pwd)"/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
registry:2
args:
creates: /root/auth/htpasswd
- name: Run install
include_role:
name: tripleo-podman
tasks_from: tripleo_podman_install.yml
vars_from: "redhat.yml"
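Review bot: The "Create a docker registry" script runs `mkdir auth` and mounts `"$(pwd)"/auth` relative to the working directory, while `creates: /root/auth/htpasswd` assumes that directory is /root. If the task runs from anywhere else, the guard never matches and the script reruns each time. Use absolute paths (`mkdir -p /root/auth`, `-v /root/auth:/auth`) or set `chdir: /root` under `args`. The script also has no `set -e`, so a failed `docker pull` or `htpasswd` step is ignored and only the final `docker run` decides the task result.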

@ -0,0 +1,51 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# "tripleo-podman" will search for and load any operating system variable file
# found within the "vars/" path. If no OS files are found the task will skip.
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- skip: true
files:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
- "{{ ansible_os_family | lower }}.yml"
tags:
- always
- name: Remove docker containers
import_tasks: tripleo_docker_stop.yml
- name: Purge Docker
import_tasks: tripleo_docker_purge.yml
- name: Podman install
import_tasks: tripleo_podman_install.yml
- name: Podman purge
import_tasks: tripleo_podman_purge.yml
- name: Podman install
import_tasks: tripleo_podman_login.yml
when:
- tripleo_container_registry_login | bool
- tripleo_container_registry_logins
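Review bot: The last import is named "Podman install" but imports `tripleo_podman_login.yml`, so the play output shows two tasks with the same name and none called login. `- name: Podman login` fixes that. "Podman purge" is imported with no tag or condition, so, as written, every run of the role executes `podman image prune -a` and `podman volume prune -f` from `tripleo_podman_purge.yml`, while the docker stop tasks sit behind the `never` tag. If the purge is meant for upgrade or cleanup runs only, it needs a similar gate.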

@ -0,0 +1,62 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Check if docker has some data
stat:
path: /var/lib/docker
register: docker_path_stat
- name: Docker purge block
when:
- docker_path_stat.stat.exists | bool
become: true
block:
- name: Check docker service state
systemd:
name: docker
register: docker_service_state
- name: Run docker system prune
shell: docker system prune -a -f
when:
- (docker_service_state.status['SubState'] | lower) == 'running'
- name: Stop and disable Docker service
systemd:
name: docker
state: stopped
enabled: false
- name: Uninstall Docker rpm
package:
name: "{{ tripleo_podman_purge_packages }}"
state: absent
- name: Refresh hardware facts
setup:
gather_subset:
- hardware
- name: Un-mount docker directories
mount:
path: "{{ item.mount }}"
state: unmounted
loop: "{{ ansible_mounts | selectattr('mount', 'search', 'docker') | list }}"
- name: Purge /var/lib/docker
file:
path: /var/lib/docker
state: absent
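Review bot: The "Un-mount docker directories" loop selects mounts with `selectattr('mount', 'search', 'docker')`, which matches any mount point whose path contains `docker` anywhere, not only those under /var/lib/docker. Anchoring the test, `selectattr('mount', 'match', '^/var/lib/docker')`, limits the unmount to the tree that the next task deletes. "Run docker system prune" also uses `shell` for a command with no shell syntax; `command: docker system prune -a -f` is enough.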

@ -0,0 +1,32 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Docker containers stop block
tags:
- never
- system_upgrade_prepare
become: true
block:
- name: Stop all services by stopping all Docker containers
command: docker ps -aq
register: running_containers
- name: Stop a container
docker_container:
name: "{{ item }}"
state: stopped
loop: "{{ running_containers.stdout_lines | default([]) }}"
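Review bot: The task named "Stop all services by stopping all Docker containers" only lists container ids, and `docker ps -aq` includes containers that have already exited even though the result is registered as `running_containers`. `docker ps -q` would return just the running ones. The task also needs `changed_when: false`, since listing changes nothing. A name such as `List running Docker containers` would describe what it does.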

@ -0,0 +1,51 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Install block
become: true
block:
- name: ensure podman and deps are installed
package:
name: "{{ tripleo_podman_packages }}"
state: latest
- name: Check for cni0 interface
command: ip link show cni0
changed_when: false
failed_when: false
register: cni0_interface
- name: Delete cni0 interface
command: ip link delete cni0
when:
- cni0_interface.rc == 0
- name: Remove default cni config for cni0 if exists
copy:
dest: /etc/cni/net.d/87-podman-bridge.conflist
content: ''
force: true
ignore_errors: true
- name: configure insecure registries /etc/containers/registries.conf
ini_file:
path: /etc/containers/registries.conf
section: 'registries.insecure'
option: registries
value: "{{ tripleo_container_registry_insecure_registries }}"
when:
- (tripleo_container_registry_insecure_registries | length) > 0
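Review bot: `state: latest` in "ensure podman and deps are installed" upgrades podman to whatever the enabled repositories offer on every run, so two runs of the same role can leave hosts on different versions. `state: present` keeps the task idempotent and leaves upgrades to an explicit operator action. Separately, `ignore_errors: true` on "Remove default cni config for cni0 if exists" hides every failure of the copy, not only the case where the file or directory is absent.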

@ -0,0 +1,29 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Perform container registry login(s)
become: true
shell: |-
podman login --username=$REGISTRY_USERNAME \
--password=$REGISTRY_PASSWORD \
--tls-verify={{ tripleo_podman_tls_verify }} \
$REGISTRY
environment:
REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}"
REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}"
REGISTRY: "{{ item.key }}"
loop: "{{ query('dict', tripleo_container_registry_logins) }}"
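Review bot: The login task has no `no_log: true`, so each loop item, which is a registry entry from `tripleo_container_registry_logins` including its password, is printed in the task output and in any job log; add `no_log: true` to the task. The password is also expanded onto the `podman login` command line, where it is visible in the process list while the command runs. Where the installed podman supports it, feed it with `--password-stdin` instead of `--password=$REGISTRY_PASSWORD`. The three variable expansions are unquoted, so a value containing whitespace or glob characters is split by the shell; quote them, e.g. `"$REGISTRY"`.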

@ -0,0 +1,25 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Podman prune
become: true
block:
- name: Clean podman images
command: podman image prune -a
- name: Clean podman volumes
command: podman volume prune -f

@ -0,0 +1,23 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
_tripleo_podman_packages:
- podman
_tripleo_podman_purge_packages:
- docker
- docker-ce

@ -16,6 +16,7 @@
- tripleo-ansible-centos-7-molecule-tripleo-container-rm
- tripleo-ansible-centos-7-molecule-tripleo-image-serve
- tripleo-ansible-centos-7-molecule-tripleo-transfer
- tripleo-ansible-centos-7-molecule-tripleo-podman
gate:
jobs:
- tripleo-ansible-centos-7-molecule-aide
@ -32,6 +33,7 @@
- tripleo-ansible-centos-7-molecule-tripleo-container-rm
- tripleo-ansible-centos-7-molecule-tripleo-image-serve
- tripleo-ansible-centos-7-molecule-tripleo-transfer
- tripleo-ansible-centos-7-molecule-tripleo-podman
name: tripleo-ansible-molecule-jobs
- job:
files:
@ -136,3 +138,10 @@
parent: tripleo-ansible-centos-7-base
vars:
tripleo_role_name: tripleo-transfer
- job:
files:
- ^tripleo_ansible/roles/tripleo-podman/.*
name: tripleo-ansible-centos-7-molecule-tripleo-podman
parent: tripleo-ansible-centos-7-base
vars:
tripleo_role_name: tripleo-podman
