From c49c6ffbfc6f7cfbc0bfe25e27708c7734404e53 Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Wed, 15 Jul 2020 18:19:26 +0530 Subject: [PATCH] Make buildah login optional Buildah login is not needed always, it's needed when pushing to container registeries, so make it optional by role var tripleo_podman_buildah_login set to false by default. Related-Bug: #1886555 Change-Id: Ibb91dfa9684b481dea34607fc47c0d531d56ee45 (cherry picked from commit 0d9effda372c034bafeaec9fca89c3af521c58bd) --- .../roles/tripleo_podman/defaults/main.yml | 1 + .../molecule/login/converge.yml | 4 ++ .../roles/tripleo_podman/tasks/main.yml | 7 ++++ .../tasks/tripleo_podman_buildah_login.yml | 37 +++++++++++++++++++ .../tasks/tripleo_podman_login.yml | 15 -------- .../roles/tripleo_podman/vars/redhat.yml | 1 - 6 files changed, 49 insertions(+), 16 deletions(-) create mode 100644 tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_buildah_login.yml diff --git a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml index d49858115..505a8bc4d 100644 --- a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml @@ -19,6 +19,7 @@ tripleo_podman_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" tripleo_podman_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" +tripleo_podman_buildah_login: false tripleo_container_registry_insecure_registries: [] tripleo_container_registry_login: false tripleo_container_registry_logins: {} diff --git a/tripleo_ansible/roles/tripleo_podman/molecule/login/converge.yml b/tripleo_ansible/roles/tripleo_podman/molecule/login/converge.yml index fbb02be2b..b16363a8e 100644 --- a/tripleo_ansible/roles/tripleo_podman/molecule/login/converge.yml +++ b/tripleo_ansible/roles/tripleo_podman/molecule/login/converge.yml @@ -18,6 +18,7 @@ - name: Converge hosts: all vars: + tripleo_podman_buildah_login: true tripleo_podman_tls_verify: false tripleo_container_registry_logins: localhost:5000: @@ -26,3 +27,6 @@ - include_role: name: tripleo_podman tasks_from: tripleo_podman_login.yml + - include_role: + name: tripleo_podman + tasks_from: tripleo_podman_buildah_login.yml diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/main.yml b/tripleo_ansible/roles/tripleo_podman/tasks/main.yml index c0437e6ca..55b8ecc72 100644 --- a/tripleo_ansible/roles/tripleo_podman/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo_podman/tasks/main.yml @@ -52,3 +52,10 @@ when: - tripleo_container_registry_login | bool - tripleo_container_registry_logins + +- name: Buildah setup + import_tasks: tripleo_podman_buildah_login.yml + when: + - tripleo_podman_buildah_login | bool + - tripleo_container_registry_login | bool + - tripleo_container_registry_logins diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_buildah_login.yml b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_buildah_login.yml new file mode 100644 index 000000000..8826e10eb --- /dev/null +++ b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_buildah_login.yml @@ -0,0 +1,37 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: ensure buildah is installed + become: true + package: + name: "buildah" + state: latest + +- name: Perform container registry login(s) with buildah + become: true + shell: |- + buildah login --username=$REGISTRY_USERNAME \ + --password=$REGISTRY_PASSWORD \ + --tls-verify={{ tripleo_podman_tls_verify }} \ + $REGISTRY + environment: + REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}" + REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}" + REGISTRY: "{{ item.key }}" + no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}" + loop: "{{ query('dict', tripleo_container_registry_logins) }}" + register: registry_login_buildah diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml index eed305970..4e73c2672 100644 --- a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml +++ b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml @@ -29,18 +29,3 @@ no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}" loop: "{{ query('dict', tripleo_container_registry_logins) }}" register: registry_login_podman - -- name: Perform container registry login(s) with buildah - become: true - shell: |- - buildah login --username=$REGISTRY_USERNAME \ - --password=$REGISTRY_PASSWORD \ - --tls-verify={{ tripleo_podman_tls_verify }} \ - $REGISTRY - environment: - REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}" - REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}" - REGISTRY: "{{ item.key }}" - no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}" - loop: "{{ query('dict', tripleo_container_registry_logins) }}" - register: registry_login_buildah diff --git a/tripleo_ansible/roles/tripleo_podman/vars/redhat.yml b/tripleo_ansible/roles/tripleo_podman/vars/redhat.yml index 69f9d8525..e6aa4de8a 100644 --- a/tripleo_ansible/roles/tripleo_podman/vars/redhat.yml +++ b/tripleo_ansible/roles/tripleo_podman/vars/redhat.yml @@ -17,7 +17,6 @@ _tripleo_podman_packages: - podman - - buildah _tripleo_podman_purge_packages: - docker