9a2a36437d
Ansible has decided that roles with hypens in them are no longer supported by not including support for them in collections. This change renames all the roles we use to the new role name. Depends-On: Ie899714aca49781ccd240bb259901d76f177d2ae Change-Id: I4d41b2678a0f340792dd5c601342541ade771c26 Signed-off-by: Kevin Carter <kecarter@redhat.com>
203 lines
7.0 KiB
YAML
203 lines
7.0 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Configures podman on the host
|
|
|
|
parameters:
|
|
DockerInsecureRegistryAddress:
|
|
description: Optional. The IP Address and Port of an insecure docker
|
|
namespace that will be configured in /etc/sysconfig/docker.
|
|
The value can be multiple addresses separated by commas.
|
|
type: comma_delimited_list
|
|
default: []
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
ContainerImageRegistryLogin:
|
|
type: boolean
|
|
default: false
|
|
description: Flag to enable container registry login actions during the deployment.
|
|
Setting this to true will cause login calls to be performed during the
|
|
deployment.
|
|
ContainerImageRegistryCredentials:
|
|
type: json
|
|
hidden: true
|
|
default: {}
|
|
description: |
|
|
Mapping of image registry hosts to login credentials. Must be in the following example format
|
|
|
|
docker.io:
|
|
username: pa55word
|
|
'192.0.2.1:8787':
|
|
registry_username: password
|
|
SystemdDropInDependencies:
|
|
default: true
|
|
description: tell the container manager (e.g. paunch) to inject
|
|
additional ordering dependencies for the systemd
|
|
scopes associated to podman containers.
|
|
type: boolean
|
|
|
|
conditions:
|
|
insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
|
|
systemd_drop_in_dependencies_enabled: {get_param: SystemdDropInDependencies}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the podman service
|
|
value:
|
|
service_name: podman
|
|
config_settings: {}
|
|
step_config: ''
|
|
host_prep_tasks:
|
|
- name: Install and configure Podman
|
|
block: &install_and_configure_podman
|
|
- name: Set login facts
|
|
set_fact:
|
|
container_registry_insecure_registries:
|
|
if:
|
|
- insecure_registry_is_empty
|
|
- []
|
|
- {get_param: DockerInsecureRegistryAddress}
|
|
container_registry_login: {get_param: ContainerImageRegistryLogin}
|
|
# default that is overwritten by the heat -> dict conversion
|
|
container_registry_logins: {}
|
|
container_registry_logins_json: {get_param: ContainerImageRegistryCredentials}
|
|
|
|
- name: Convert logins json to dict
|
|
set_fact:
|
|
container_registry_logins: "{{ container_registry_logins_json | from_json }}"
|
|
when:
|
|
- container_registry_logins_json is string
|
|
- container_registry_login | bool
|
|
- (container_registry_logins_json | length) > 0
|
|
|
|
- name: Set registry logins
|
|
set_fact:
|
|
container_registry_logins: "{{ container_registry_logins_json }}"
|
|
when:
|
|
- container_registry_logins_json is mapping
|
|
- container_registry_login | bool
|
|
- (container_registry_logins_json | length) > 0
|
|
|
|
- name: Run podman install
|
|
include_role:
|
|
name: tripleo_podman
|
|
tasks_from: tripleo_podman_install.yml
|
|
vars_from: "redhat.yml"
|
|
vars:
|
|
tripleo_container_registry_insecure_registries: "{{ container_registry_insecure_registries }}"
|
|
|
|
- name: Run podman login
|
|
include_role:
|
|
name: tripleo_podman
|
|
tasks_from: tripleo_podman_login.yml
|
|
vars:
|
|
tripleo_container_registry_logins: "{{ container_registry_logins }}"
|
|
tripleo_container_registry_login: "{{ container_registry_login | bool }}"
|
|
|
|
- if:
|
|
- systemd_drop_in_dependencies_enabled
|
|
- - name: Configure paunch to generate systemd drop-in dependencies
|
|
copy:
|
|
dest: /etc/sysconfig/podman_drop_in
|
|
content: |
|
|
This file makes paunch generate additional systemd
|
|
dependencies for containers that have special
|
|
start/stop ordering constraints. It ensures that
|
|
those constraints are enforced on reboot/shutdown.
|
|
- - name: Configure paunch to not generate drop-in dependencies
|
|
file:
|
|
path: /etc/sysconfig/podman_drop_in
|
|
state: absent
|
|
|
|
service_config_settings: {}
|
|
|
|
upgrade_tasks:
|
|
- name: system_upgrade_prepare step 2
|
|
tags:
|
|
- never
|
|
- system_upgrade
|
|
- system_upgrade_prepare
|
|
when:
|
|
- (step | int) == 2
|
|
block:
|
|
- name: Check if pcs is present
|
|
stat:
|
|
path: /usr/sbin/pcs
|
|
register: pcs_stat
|
|
- name: Stop pacemaker cluster before stopping all docker containers
|
|
pacemaker_cluster: state=offline
|
|
when: pcs_stat.stat.exists
|
|
- name: Destroy pacemaker cluster
|
|
command: /usr/sbin/pcs cluster destroy
|
|
when: pcs_stat.stat.exists
|
|
- name: Stop all services by stopping all docker containers
|
|
include_role:
|
|
name: tripleo_podman
|
|
tasks_from: tripleo_docker_stop.yml
|
|
tags:
|
|
- never
|
|
- system_upgrade
|
|
- system_upgrade_prepare
|
|
|
|
- name: Run podman install
|
|
when:
|
|
- (step | int) == 1
|
|
include_role:
|
|
name: tripleo_podman
|
|
tasks_from: tripleo_podman_install.yml
|
|
vars_from: "redhat.yml"
|
|
|
|
post_upgrade_tasks:
|
|
- name: Purge everything about docker on the host
|
|
when:
|
|
- (step | int) == 3
|
|
include_role:
|
|
name: tripleo_podman
|
|
tasks_from: tripleo_docker_purge.yml
|
|
|
|
- name: Stop docker
|
|
include_role:
|
|
name: tripleo_podman
|
|
tasks_from: tripleo_docker_stop.yml
|
|
|
|
- name: Purge Podman
|
|
when:
|
|
- (step | int) == 3
|
|
- container_cli == 'podman'
|
|
include_role:
|
|
name: tripleo_podman
|
|
tasks_from: tripleo_podman_purge.yml
|
|
|
|
post_update_tasks:
|
|
- name: Purge Podman
|
|
when:
|
|
- (step | int) == 3
|
|
- container_cli == 'podman'
|
|
include_role:
|
|
name: tripleo_podman
|
|
tasks_from: tripleo_podman_purge.yml
|