tripleo-ansible/tripleo_ansible/roles/tripleo-container-manage/tasks/podman.yaml


---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
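# Run a one-off command inside an already running container.
# Only entries whose config sets action == 'exec' take this path. For those,
# item.1.command.0 is used as the target container name and the whole
# item.1.command list is appended to the exec argv built below.
- name: "Execute a command within a running container for {{ item.0 }}"
  when:
    - item.1.action is defined
    - item.1.action == 'exec'
  block:
    # `container exists` exits non-zero when the container is missing, which
    # fails this task before any exec is attempted.
    # argv form (as already used for the exec itself) passes the templated
    # container name as one argument instead of a rendered string that the
    # command module would split on whitespace.
    - name: "Check if {{ item.1.command.0 }} container exists"
      command:
        argv:
          - "{{ tripleo_container_cli }}"
          - container
          - exists
          - "{{ item.1.command.0 }}"
      # Read-only probe: it must not be reported as a change.
      changed_when: false
    - name: "Check if {{ item.1.command.0 }} container is running"
      block:
        - name: "Gather podman infos for {{ item.1.command.0 }}"
          podman_container_info:
            name: "{{ item.1.command.0 }}"
          register: podman_containers
        # Only the first returned container entry is inspected.
        - name: "Fail if {{ item.1.command.0 }} is not running"
          fail:
            msg: "Can't run container exec for {{ item.0 }}, {{ item.1.command.0 }} is not running"
          when:
            - not podman_containers.ansible_facts.podman_containers.0.State.Running
    # The exec runs as root inside the container unless the entry sets
    # item.1.user; set it explicitly where the command does not need root.
    - name: "Prepare the exec command for {{ item.0 }}"
      set_fact:
        cmd_template:
          - "{{ tripleo_container_cli }}"
          - "exec"
          - "-u"
          - "{{ item.1.user if item.1.user is defined else 'root' }}"
    # No shell is involved: the list is handed to the command module as argv.
    - name: "Run the container exec for {{ item.0 }}"
      command:
        argv: "{{ cmd_template + item.1.command }}"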
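# Create or update the container named item.0 from its config in item.1.
# Skipped for 'exec' entries (those define item.1.action).
- name: "Manage container for {{ item.0 }}"
  podman_container:
    cap_add: "{{ item.1.cap_add | default(omit) }}"
    cap_drop: "{{ item.1.cap_drop | default(omit) }}"
    command: "{{ item.1.command | default(omit) }}"
    conmon_pidfile: "/var/run/{{ item.0 }}.pid"
    # No `| int` after default(omit): the int filter turns the omit
    # placeholder into 0, so an unset value would be sent as 0 instead of
    # being left out.
    cpu_shares: "{{ item.1.cpu_shares | default(omit) }}"
    # cpuset_cpus: "{{ item.1.cpuset_cpus | default(omit) }}"
    detach: "{{ item.1.detach | default(true) }}"
    env: "{{ item.1.environment if item.1.environment is defined and item.1.environment else {} }}"
    env_file: "{{ item.1.env_file | default(omit) }}"
    etc_hosts: "{{ item.1.extra_hosts | default({}) }}"
    group_add: "{{ item.1.group_add | default(omit) }}"
    hostname: "{{ item.1.hostname | default(omit) }}"
    image: "{{ item.1.image }}"
    interactive: "{{ item.1.interactive | default(false) }}"
    ipc: "{{ item.1.ipc | default(omit) }}"
    label:
      config_id: "tripleo_step{{ step }}"
      container_name: "{{ item.0 }}"
      managed_by: tripleo_ansible
      # The whole item.1 mapping, including its `environment` values, is
      # serialised into this label, so it shows up in container inspect
      # output. Keep credentials out of item.1 where possible.
      config_data: "{{ item.1 | to_json }}"
    # log_opt below is commented out, so tripleo_container_manage_log_path
    # only selects the driver here; the path itself is not passed.
    log_driver: "{{ 'k8s-file' if tripleo_container_manage_log_path is defined else '' }}"
    # log_opt: |
    #   "{{ 'path=' if tripleo_container_manage_log_path is defined else '' }}
    #   {{ tripleo_container_manage_log_path | default('') }}
    #   {{ '/' if tripleo_container_manage_log_path is defined else '' }}
    #   {{ item.0 if tripleo_container_manage_log_path is defined else '' }}"
    memory: "{{ item.1.mem_limit | default(omit) }}"
    # NOTE(review): by name, mem_swappiness is a swappiness setting while
    # memory_swap is a swap limit; confirm this is the intended parameter.
    memory_swap: "{{ item.1.mem_swappiness | default(omit) }}"
    name: "{{ item.0 }}"
    # Restrictive defaults: no network and not privileged unless the entry
    # asks for them.
    net: "{{ item.1.net | default('none') }}"
    pid: "{{ item.1.pid | default(omit) }}"
    privileged: "{{ item.1.privileged | default(false) }}"
    rm: "{{ item.1.remove | default(false) }}"
    security_opt: "{{ item.1.security_opt | default(omit) }}"
    state: present
    stop_signal: "{{ item.1.stop_signal | default(omit) }}"
    # Same omit handling as cpu_shares: with `| int` an unset grace period
    # was sent as a stop timeout of 0.
    stop_timeout: "{{ item.1.stop_grace_period | default(omit) }}"
    tty: "{{ item.1.tty | default(false) }}"
    ulimit: "{{ item.1.ulimit | default(omit) }}"
    user: "{{ item.1.user | default(omit) }}"
    uts: "{{ item.1.uts | default(omit) }}"
    volume: "{{ item.1.volumes | default(omit) }}"
    volumes_from: "{{ item.1.volumes_from | default([]) }}"
  when:
    - item.1.action is not defined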
# Put the container under systemd control and, when the entry defines a
# healthcheck, install a healthcheck service and timer for it.
# Skipped for 'exec' entries and for entries without a matching restart
# policy.
- name: "Manage systemd service for {{ item.0 }}"
  when:
    - item.1.action is not defined
    - item.1.restart is defined
    # systemd has no equivalent of docker's unless-stopped, so both policies
    # are handled the same way: the unit restarts the container on failure
    # but not after it was stopped through systemd.
    - item.1.restart in ['always', 'unless-stopped']
  block:
    - name: Check if /etc/sysconfig/podman_drop_in exists
      stat:
        path: /etc/sysconfig/podman_drop_in
      register: podman_drop_in

    # NOTE(review): the fact reuses the name of the registered stat result.
    # When the file is absent no boolean is set here, so consumers see
    # whatever the register left behind - confirm they handle that.
    - name: Set podman_drop_in fact
      when: podman_drop_in.stat.exists
      set_fact:
        podman_drop_in: true

    - name: "Start systemd service for {{ item.0 }}"
      block:
        - name: "Remove trailing .requires for {{ item.0 }}"
          file:
            state: absent
            path: "/etc/systemd/system/tripleo_{{ item.0 }}.requires"

        # Unit files are written root-owned and not writable by others.
        - name: "Create systemd unit file for {{ item.0 }} service"
          template:
            dest: "/etc/systemd/system/tripleo_{{ item.0 }}.service"
            src: systemd-service.j2
            owner: root
            group: root
            mode: '0644'
          register: systemd_file

        # Runs only when the unit file changed; `restarted` also restarts a
        # service that was already running so the new unit takes effect.
        - name: "Enable and start systemd service for {{ item.0 }}"
          when: systemd_file.changed
          systemd:
            name: "tripleo_{{ item.0 }}.service"
            state: restarted
            enabled: true
            daemon_reload: true

    # Healthchecks can be switched off with container_healthcheck_disabled.
    - name: "Manage systemd healthcheck for {{ item.0 }}"
      when:
        - not (container_healthcheck_disabled | default(false))
        - item.1.healthcheck is defined
      block:
        - name: "Create systemd unit file for {{ item.0 }} healthcheck"
          template:
            dest: "/etc/systemd/system/tripleo_{{ item.0 }}_healthcheck.service"
            src: systemd-healthcheck.j2
            owner: root
            group: root
            mode: '0644'
          register: systemd_healthcheck

        - name: "Create systemd timer for {{ item.0 }} healthcheck"
          template:
            dest: "/etc/systemd/system/tripleo_{{ item.0 }}_healthcheck.timer"
            src: systemd-timer.j2
            owner: root
            group: root
            mode: '0644'
          register: systemd_timer

        # Runs only when either generated file changed; `restarted` also
        # restarts a timer that was already running.
        - name: "Enable and start systemd timer for {{ item.0 }}"
          when: systemd_healthcheck.changed or systemd_timer.changed
          systemd:
            name: "tripleo_{{ item.0 }}_healthcheck.timer"
            state: restarted
            enabled: true
            daemon_reload: true