Merge "Don't set capabilities in priviledge mode"
This commit is contained in:
commit
edd80b9369
|
@ -13,8 +13,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||||
|
|
|
@ -16,8 +16,6 @@ platforms:
|
||||||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /run/udev:/run/udev:ro
|
- /run/udev:/run/udev:ro
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
|
@ -36,8 +34,6 @@ platforms:
|
||||||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /run/udev:/run/udev:ro
|
- /run/udev:/run/udev:ro
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
|
|
|
@ -16,8 +16,6 @@ platforms:
|
||||||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
privileged: true
|
privileged: true
|
||||||
|
@ -33,8 +31,6 @@ platforms:
|
||||||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
privileged: true
|
privileged: true
|
||||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /dev:/dev
|
- /dev:/dev
|
||||||
- /lib/modules:/lib/modules
|
- /lib/modules:/lib/modules
|
||||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /dev:/dev
|
- /dev:/dev
|
||||||
- /lib/modules:/lib/modules
|
- /lib/modules:/lib/modules
|
||||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /dev:/dev
|
- /dev:/dev
|
||||||
- /lib/modules:/lib/modules
|
- /lib/modules:/lib/modules
|
||||||
|
|
|
@ -17,8 +17,6 @@ platforms:
|
||||||
/bin/mkdir -p /var/run/dbus &&
|
/bin/mkdir -p /var/run/dbus &&
|
||||||
/usr/bin/dbus-uuidgen > /var/lib/dbus/machine-id &&
|
/usr/bin/dbus-uuidgen > /var/lib/dbus/machine-id &&
|
||||||
/usr/bin/dbus-daemon --config-file=/usr/share/dbus-1/system.conf
|
/usr/bin/dbus-daemon --config-file=/usr/share/dbus-1/system.conf
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /dev:/dev
|
- /dev:/dev
|
||||||
- /lib/modules:/lib/modules
|
- /lib/modules:/lib/modules
|
||||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools cronie rsyslog
|
pkg_extras: python*setuptools cronie rsyslog
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||||
|
|
|
@ -12,8 +12,6 @@ platforms:
|
||||||
url: registry.access.redhat.com
|
url: registry.access.redhat.com
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||||
|
|
|
@ -12,8 +12,6 @@ platforms:
|
||||||
url: registry.access.redhat.com
|
url: registry.access.redhat.com
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
|
|
|
@ -13,8 +13,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
|
@ -35,8 +33,6 @@ platforms:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
|
|
|
@ -16,8 +16,6 @@ platforms:
|
||||||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
privileged: true
|
privileged: true
|
||||||
|
@ -33,8 +31,6 @@ platforms:
|
||||||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||||
command: /sbin/init
|
command: /sbin/init
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
privileged: true
|
privileged: true
|
||||||
|
|
|
@ -12,8 +12,6 @@ platforms:
|
||||||
url: registry.access.redhat.com
|
url: registry.access.redhat.com
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
|
|
|
@ -12,8 +12,6 @@ platforms:
|
||||||
url: registry.access.redhat.com
|
url: registry.access.redhat.com
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
pkg_extras: python*setuptools
|
pkg_extras: python*setuptools
|
||||||
capabilities:
|
|
||||||
- ALL
|
|
||||||
volumes:
|
volumes:
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||||
|
|
|
@ -15,6 +15,17 @@
|
||||||
include_role:
|
include_role:
|
||||||
name: ensure-pip
|
name: ensure-pip
|
||||||
|
|
||||||
|
# https://github.com/containers/podman/issues/8965
|
||||||
|
# podman rootless systemd is broken in 2.0.5, so we use 1.6.4
|
||||||
|
- name: Pin container-tools
|
||||||
|
become: true
|
||||||
|
shell: |
|
||||||
|
dnf module disable container-tools:rhel8 -y
|
||||||
|
dnf module enable container-tools:2.0 -y
|
||||||
|
when:
|
||||||
|
- (ansible_os_family | lower) == "redhat"
|
||||||
|
- (ansible_distribution_major_version | int) >= 8
|
||||||
|
|
||||||
- name: Setup bindep
|
- name: Setup bindep
|
||||||
pip:
|
pip:
|
||||||
name: "bindep"
|
name: "bindep"
|
||||||
|
|
Loading…
Reference in New Issue