Don't set capabilities in priviledge mode
When priviledge mode is set, don't add any capabilities as they are included. Use 1.6.4 podman because 2.0.5 rootless doesn't work with systemd [1] Disable Selinux on host. [1] https://github.com/containers/podman/issues/8965 Closes-Bug: #1910970 Change-Id: I73ac1c405e8a3539937a5578bb003cba0b935d94changes/02/770102/5
parent
0f6207f9df
commit
c90b0ea4e6
|
@ -13,8 +13,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||
|
|
|
@ -16,8 +16,6 @@ platforms:
|
|||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /run/udev:/run/udev:ro
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
|
@ -36,8 +34,6 @@ platforms:
|
|||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /run/udev:/run/udev:ro
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
|
|
|
@ -16,8 +16,6 @@ platforms:
|
|||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
privileged: true
|
||||
|
@ -33,8 +31,6 @@ platforms:
|
|||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
privileged: true
|
||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /dev:/dev
|
||||
- /lib/modules:/lib/modules
|
||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /dev:/dev
|
||||
- /lib/modules:/lib/modules
|
||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /dev:/dev
|
||||
- /lib/modules:/lib/modules
|
||||
|
|
|
@ -17,8 +17,6 @@ platforms:
|
|||
/bin/mkdir -p /var/run/dbus &&
|
||||
/usr/bin/dbus-uuidgen > /var/lib/dbus/machine-id &&
|
||||
/usr/bin/dbus-daemon --config-file=/usr/share/dbus-1/system.conf
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /dev:/dev
|
||||
- /lib/modules:/lib/modules
|
||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools cronie rsyslog
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||
|
|
|
@ -12,8 +12,6 @@ platforms:
|
|||
url: registry.access.redhat.com
|
||||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||
|
|
|
@ -12,8 +12,6 @@ platforms:
|
|||
url: registry.access.redhat.com
|
||||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
|
@ -35,8 +33,6 @@ platforms:
|
|||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
|
|
|
@ -16,8 +16,6 @@ platforms:
|
|||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
privileged: true
|
||||
|
@ -33,8 +31,6 @@ platforms:
|
|||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||
command: /sbin/init
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
privileged: true
|
||||
|
|
|
@ -12,8 +12,6 @@ platforms:
|
|||
url: registry.access.redhat.com
|
||||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
|
|
|
@ -12,8 +12,6 @@ platforms:
|
|||
url: registry.access.redhat.com
|
||||
dockerfile: Dockerfile
|
||||
pkg_extras: python*setuptools
|
||||
capabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
|
|
|
@ -15,6 +15,17 @@
|
|||
include_role:
|
||||
name: ensure-pip
|
||||
|
||||
# https://github.com/containers/podman/issues/8965
|
||||
# podman rootless systemd is broken in 2.0.5, so we use 1.6.4
|
||||
- name: Pin container-tools
|
||||
become: true
|
||||
shell: |
|
||||
dnf module disable container-tools:rhel8 -y
|
||||
dnf module enable container-tools:2.0 -y
|
||||
when:
|
||||
- (ansible_os_family | lower) == "redhat"
|
||||
- (ansible_distribution_major_version | int) >= 8
|
||||
|
||||
- name: Setup bindep
|
||||
pip:
|
||||
name: "bindep"
|
||||
|
|
Loading…
Reference in New Issue