From 9912b049e94201fee30a394011337ee78bc7bf63 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Mon, 15 Jul 2019 23:43:20 -0500 Subject: [PATCH] Create a podman role This change creates a role using the podman content from THT[0]. This role will run through all of the tasks found within the THT file, and implements molecule tests coving the functionality. Test Matrix: - default - Runs through the role top to bottom - install - Runs only the install portions of the role - login - Runs only the login portion of the role [0] - https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/podman/podman-baremetal-ansible.yaml Task: 34598 Task: 34600 Task: 34601 Story: 2006017 Change-Id: Ia7fd611320d2f29b330a04484dca3146d74d8d82 Signed-off-by: Kevin Carter --- doc/source/roles/role-tripleo-podman.rst | 6 ++ .../roles/tripleo-podman/defaults/main.yml | 25 ++++++ .../roles/tripleo-podman/meta/main.yml | 44 +++++++++++ .../molecule/default/molecule.yml | 54 +++++++++++++ .../molecule/default/playbook.yml | 21 +++++ .../molecule/default/prepare.yml | 76 +++++++++++++++++++ .../molecule/install/molecule.yml | 54 +++++++++++++ .../molecule/install/playbook.yml | 25 ++++++ .../molecule/install/prepare.yml | 23 ++++++ .../molecule/login/molecule.yml | 54 +++++++++++++ .../molecule/login/playbook.yml | 28 +++++++ .../tripleo-podman/molecule/login/prepare.yml | 62 +++++++++++++++ .../roles/tripleo-podman/tasks/main.yml | 51 +++++++++++++ .../tasks/tripleo_docker_purge.yml | 62 +++++++++++++++ .../tasks/tripleo_docker_stop.yml | 32 ++++++++ .../tasks/tripleo_podman_install.yml | 51 +++++++++++++ .../tasks/tripleo_podman_login.yml | 29 +++++++ .../tasks/tripleo_podman_purge.yml | 25 ++++++ .../roles/tripleo-podman/vars/redhat.yml | 23 ++++++ zuul.d/molecule.yaml | 9 +++ 20 files changed, 754 insertions(+) create mode 100644 doc/source/roles/role-tripleo-podman.rst create mode 100644 tripleo_ansible/roles/tripleo-podman/defaults/main.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/meta/main.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/molecule/default/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/molecule/default/playbook.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/molecule/default/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/molecule/install/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/molecule/install/playbook.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/molecule/install/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/molecule/login/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/molecule/login/playbook.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/molecule/login/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/tasks/main.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/tasks/tripleo_docker_purge.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/tasks/tripleo_docker_stop.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_install.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_login.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_purge.yml create mode 100644 tripleo_ansible/roles/tripleo-podman/vars/redhat.yml diff --git a/doc/source/roles/role-tripleo-podman.rst b/doc/source/roles/role-tripleo-podman.rst new file mode 100644 index 000000000..df9e2074c --- /dev/null +++ b/doc/source/roles/role-tripleo-podman.rst @@ -0,0 +1,6 @@ +===================== +Role - tripleo-podman +===================== + +.. ansibleautoplugin:: + :role: tripleo_ansible/roles/tripleo-podman diff --git a/tripleo_ansible/roles/tripleo-podman/defaults/main.yml b/tripleo_ansible/roles/tripleo-podman/defaults/main.yml new file mode 100644 index 000000000..c7e44290c --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/defaults/main.yml @@ -0,0 +1,25 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# All variables intended for modification should place placed in this file. + +tripleo_container_registry_insecure_registries: [] +tripleo_container_registry_login: false +tripleo_container_registry_logins: {} +tripleo_podman_packages: "{{ _tripleo_podman_packages | default([]) }}" +tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([]) }}" +tripleo_podman_tls_verify: true diff --git a/tripleo_ansible/roles/tripleo-podman/meta/main.yml b/tripleo_ansible/roles/tripleo-podman/meta/main.yml new file mode 100644 index 000000000..aff719085 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/meta/main.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + author: OpenStack + description: TripleO OpenStack Role -- tripleo-podman + company: Red Hat + license: Apache-2.0 + min_ansible_version: 2.7 + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: Fedora + versions: + - 28 + - name: CentOS + versions: + - 7 + + galaxy_tags: + - tripleo + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/tripleo_ansible/roles/tripleo-podman/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo-podman/molecule/default/molecule.yml new file mode 100644 index 000000000..7409d6b75 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/molecule/default/molecule.yml @@ -0,0 +1,54 @@ +--- +driver: + name: delegated + options: + managed: false + login_cmd_template: >- + ssh + -o UserKnownHostsFile=/dev/null + -o StrictHostKeyChecking=no + -o Compression=no + -o TCPKeepAlive=yes + -o VerifyHostKeyDNS=no + -o ForwardX11=no + -o ForwardAgent=no + {instance} + ansible_connection_options: + ansible_connection: ssh + +log: true + +platforms: + - name: instance + +provisioner: + name: ansible + config_options: + defaults: + fact_caching: jsonfile + fact_caching_connection: /tmp/molecule/facts + inventory: + hosts: + all: + hosts: + instance: + ansible_host: localhost + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" + +scenario: + name: default + test_sequence: + - prepare + - converge + - verify + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-podman/molecule/default/playbook.yml b/tripleo_ansible/roles/tripleo-podman/molecule/default/playbook.yml new file mode 100644 index 000000000..69b6ae503 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/molecule/default/playbook.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + roles: + - role: "tripleo-podman" diff --git a/tripleo_ansible/roles/tripleo-podman/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo-podman/molecule/default/prepare.yml new file mode 100644 index 000000000..c86511664 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/molecule/default/prepare.yml @@ -0,0 +1,76 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + become: true + gather_facts: true + pre_tasks: + - name: Check for docker cli + command: "command -v docker" + register: docker_cli + failed_when: false + changed_when: false + + - name: Check for docker connection + command: "docker ps" + register: docker_ps + failed_when: false + changed_when: false + + - name: set basic user fact + set_fact: + ansible_user: "{{ lookup('env', 'USER') }}" + when: + - ansible_user is undefined + + - name: set basic home fact + set_fact: + ansible_user_dir: "{{ lookup('env', 'HOME') }}" + when: + - ansible_user_dir is undefined + roles: + - role: test_deps + - role: install-docker + when: + - (docker_cli.rc != 0) or + (docker_ps.rc != 0) + post_tasks: + - name: Install docker-sdk + pip: + name: docker + virtualenv: "{{ ansible_user_dir }}/test-python" + virtualenv_site_packages: true + + - name: pull an image + docker_image: + name: fedora:28 + source: pull + vars: + ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python" + + - name: Create a data container + docker_container: + name: "{{ item }}" + image: fedora:28 + detach: true + command: sleep 1d + with_items: + - docker-container1 + - docker-container2 + vars: + ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python" diff --git a/tripleo_ansible/roles/tripleo-podman/molecule/install/molecule.yml b/tripleo_ansible/roles/tripleo-podman/molecule/install/molecule.yml new file mode 100644 index 000000000..34d1a7ff2 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/molecule/install/molecule.yml @@ -0,0 +1,54 @@ +--- +driver: + name: delegated + options: + managed: false + login_cmd_template: >- + ssh + -o UserKnownHostsFile=/dev/null + -o StrictHostKeyChecking=no + -o Compression=no + -o TCPKeepAlive=yes + -o VerifyHostKeyDNS=no + -o ForwardX11=no + -o ForwardAgent=no + {instance} + ansible_connection_options: + ansible_connection: ssh + +log: true + +platforms: + - name: instance + +provisioner: + name: ansible + config_options: + defaults: + fact_caching: jsonfile + fact_caching_connection: /tmp/molecule/facts + inventory: + hosts: + all: + hosts: + instance: + ansible_host: localhost + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" + +scenario: + name: install + test_sequence: + - prepare + - converge + - verify + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-podman/molecule/install/playbook.yml b/tripleo_ansible/roles/tripleo-podman/molecule/install/playbook.yml new file mode 100644 index 000000000..55a932218 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/molecule/install/playbook.yml @@ -0,0 +1,25 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + tasks: + - name: Run install + include_role: + name: tripleo-podman + tasks_from: tripleo_podman_install.yml + vars_from: "redhat.yml" diff --git a/tripleo_ansible/roles/tripleo-podman/molecule/install/prepare.yml b/tripleo_ansible/roles/tripleo-podman/molecule/install/prepare.yml new file mode 100644 index 000000000..4a2941d62 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/molecule/install/prepare.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + become: true + gather_facts: true + roles: + - role: test_deps diff --git a/tripleo_ansible/roles/tripleo-podman/molecule/login/molecule.yml b/tripleo_ansible/roles/tripleo-podman/molecule/login/molecule.yml new file mode 100644 index 000000000..19c52b54d --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/molecule/login/molecule.yml @@ -0,0 +1,54 @@ +--- +driver: + name: delegated + options: + managed: false + login_cmd_template: >- + ssh + -o UserKnownHostsFile=/dev/null + -o StrictHostKeyChecking=no + -o Compression=no + -o TCPKeepAlive=yes + -o VerifyHostKeyDNS=no + -o ForwardX11=no + -o ForwardAgent=no + {instance} + ansible_connection_options: + ansible_connection: ssh + +log: true + +platforms: + - name: instance + +provisioner: + name: ansible + config_options: + defaults: + fact_caching: jsonfile + fact_caching_connection: /tmp/molecule/facts + inventory: + hosts: + all: + hosts: + instance: + ansible_host: localhost + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" + +scenario: + name: login + test_sequence: + - prepare + - converge + - verify + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-podman/molecule/login/playbook.yml b/tripleo_ansible/roles/tripleo-podman/molecule/login/playbook.yml new file mode 100644 index 000000000..7191fe04d --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/molecule/login/playbook.yml @@ -0,0 +1,28 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + vars: + tripleo_podman_tls_verify: false + tripleo_container_registry_logins: + localhost:5000: + testuser: testpassword + tasks: + - include_role: + name: tripleo-podman + tasks_from: tripleo_podman_login.yml diff --git a/tripleo_ansible/roles/tripleo-podman/molecule/login/prepare.yml b/tripleo_ansible/roles/tripleo-podman/molecule/login/prepare.yml new file mode 100644 index 000000000..18f43f84f --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/molecule/login/prepare.yml @@ -0,0 +1,62 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + become: true + gather_facts: true + pre_tasks: + - name: set basic user fact + set_fact: + ansible_user: "{{ lookup('env', 'USER') }}" + when: + - ansible_user is undefined + + - name: set basic home fact + set_fact: + ansible_user_dir: "{{ lookup('env', 'HOME') }}" + when: + - ansible_user_dir is undefined + + roles: + - role: test_deps + - role: install-docker + + tasks: + - name: Create a docker registry + become: true + shell: |- + docker pull ubuntu:16.04 + docker tag ubuntu:16.04 localhost:5000/my-ubuntu + mkdir auth + docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswd + docker container stop registry + docker run -d -p 5000:5000 --restart=always \ + --name registry \ + -v "$(pwd)"/auth:/auth \ + -e "REGISTRY_AUTH=htpasswd" \ + -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ + -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ + registry:2 + args: + creates: /root/auth/htpasswd + + - name: Run install + include_role: + name: tripleo-podman + tasks_from: tripleo_podman_install.yml + vars_from: "redhat.yml" diff --git a/tripleo_ansible/roles/tripleo-podman/tasks/main.yml b/tripleo_ansible/roles/tripleo-podman/tasks/main.yml new file mode 100644 index 000000000..456bcdaf5 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/tasks/main.yml @@ -0,0 +1,51 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# "tripleo-podman" will search for and load any operating system variable file + +# found within the "vars/" path. If no OS files are found the task will skip. +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - skip: true + files: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + +- name: Remove docker containers + import_tasks: tripleo_docker_stop.yml + +- name: Purge Docker + import_tasks: tripleo_docker_purge.yml + +- name: Podman install + import_tasks: tripleo_podman_install.yml + +- name: Podman purge + import_tasks: tripleo_podman_purge.yml + +- name: Podman install + import_tasks: tripleo_podman_login.yml + when: + - tripleo_container_registry_login | bool + - tripleo_container_registry_logins diff --git a/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_docker_purge.yml b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_docker_purge.yml new file mode 100644 index 000000000..e01e9dfba --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_docker_purge.yml @@ -0,0 +1,62 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Check if docker has some data + stat: + path: /var/lib/docker + register: docker_path_stat + +- name: Docker purge block + when: + - docker_path_stat.stat.exists | bool + become: true + block: + - name: Check docker service state + systemd: + name: docker + register: docker_service_state + + - name: Run docker system prune + shell: docker system prune -a -f + when: + - (docker_service_state.status['SubState'] | lower) == 'running' + + - name: Stop and disable Docker service + systemd: + name: docker + state: stopped + enabled: false + + - name: Uninstall Docker rpm + package: + name: "{{ tripleo_podman_purge_packages }}" + state: absent + + - name: Refresh hardware facts + setup: + gather_subset: + - hardware + + - name: Un-mount docker directories + mount: + path: "{{ item.mount }}" + state: unmounted + loop: "{{ ansible_mounts | selectattr('mount', 'search', 'docker') | list }}" + + - name: Purge /var/lib/docker + file: + path: /var/lib/docker + state: absent diff --git a/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_docker_stop.yml b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_docker_stop.yml new file mode 100644 index 000000000..bfe3ac1ba --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_docker_stop.yml @@ -0,0 +1,32 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Docker containers stop block + tags: + - never + - system_upgrade_prepare + become: true + block: + - name: Stop all services by stopping all Docker containers + command: docker ps -aq + register: running_containers + + - name: Stop a container + docker_container: + name: "{{ item }}" + state: stopped + loop: "{{ running_containers.stdout_lines | default([]) }}" diff --git a/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_install.yml b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_install.yml new file mode 100644 index 000000000..25e536a95 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_install.yml @@ -0,0 +1,51 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Install block + become: true + block: + - name: ensure podman and deps are installed + package: + name: "{{ tripleo_podman_packages }}" + state: latest + + - name: Check for cni0 interface + command: ip link show cni0 + changed_when: false + failed_when: false + register: cni0_interface + + - name: Delete cni0 interface + command: ip link delete cni0 + when: + - cni0_interface.rc == 0 + + - name: Remove default cni config for cni0 if exists + copy: + dest: /etc/cni/net.d/87-podman-bridge.conflist + content: '' + force: true + ignore_errors: true + + - name: configure insecure registries /etc/containers/registries.conf + ini_file: + path: /etc/containers/registries.conf + section: 'registries.insecure' + option: registries + value: "{{ tripleo_container_registry_insecure_registries }}" + when: + - (tripleo_container_registry_insecure_registries | length) > 0 diff --git a/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_login.yml b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_login.yml new file mode 100644 index 000000000..55cc85e60 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_login.yml @@ -0,0 +1,29 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Perform container registry login(s) + become: true + shell: |- + podman login --username=$REGISTRY_USERNAME \ + --password=$REGISTRY_PASSWORD \ + --tls-verify={{ tripleo_podman_tls_verify }} \ + $REGISTRY + environment: + REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}" + REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}" + REGISTRY: "{{ item.key }}" + loop: "{{ query('dict', tripleo_container_registry_logins) }}" diff --git a/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_purge.yml b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_purge.yml new file mode 100644 index 000000000..5668dc95d --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_purge.yml @@ -0,0 +1,25 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Podman prune + become: true + block: + - name: Clean podman images + command: podman image prune -a + + - name: Clean podman volumes + command: podman volume prune -f diff --git a/tripleo_ansible/roles/tripleo-podman/vars/redhat.yml b/tripleo_ansible/roles/tripleo-podman/vars/redhat.yml new file mode 100644 index 000000000..e6aa4de8a --- /dev/null +++ b/tripleo_ansible/roles/tripleo-podman/vars/redhat.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +_tripleo_podman_packages: + - podman + +_tripleo_podman_purge_packages: + - docker + - docker-ce diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index 4a0ad34cc..cd0e2bd4d 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -16,6 +16,7 @@ - tripleo-ansible-centos-7-molecule-tripleo-container-rm - tripleo-ansible-centos-7-molecule-tripleo-image-serve - tripleo-ansible-centos-7-molecule-tripleo-transfer + - tripleo-ansible-centos-7-molecule-tripleo-podman gate: jobs: - tripleo-ansible-centos-7-molecule-aide @@ -32,6 +33,7 @@ - tripleo-ansible-centos-7-molecule-tripleo-container-rm - tripleo-ansible-centos-7-molecule-tripleo-image-serve - tripleo-ansible-centos-7-molecule-tripleo-transfer + - tripleo-ansible-centos-7-molecule-tripleo-podman name: tripleo-ansible-molecule-jobs - job: files: @@ -136,3 +138,10 @@ parent: tripleo-ansible-centos-7-base vars: tripleo_role_name: tripleo-transfer +- job: + files: + - ^tripleo_ansible/roles/tripleo-podman/.* + name: tripleo-ansible-centos-7-molecule-tripleo-podman + parent: tripleo-ansible-centos-7-base + vars: + tripleo_role_name: tripleo-podman