tripleo-heat-templates/deployment/podman/podman-baremetal-ansible.yaml
Kevin Carter 51469aab2e
Add second fact to ensure type safty
The logins json can be both a hash and a string, depending on how it is
being set by the deployer. To ensure that we're able to cover both cases
this change will test the initial data type and react accordingly.

Change-Id: I443bc36ca8808e1547da37f207b011031120067f
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-09-27 14:47:05 -05:00

203 lines
7.0 KiB
YAML

heat_template_version: rocky
description: >
Configures podman on the host
parameters:
DockerInsecureRegistryAddress:
description: Optional. The IP Address and Port of an insecure docker
namespace that will be configured in /etc/sysconfig/docker.
The value can be multiple addresses separated by commas.
type: comma_delimited_list
default: []
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
ContainerImageRegistryLogin:
type: boolean
default: false
description: Flag to enable container registry login actions during the deployment.
Setting this to true will cause login calls to be performed during the
deployment.
ContainerImageRegistryCredentials:
type: json
hidden: true
default: {}
description: |
Mapping of image registry hosts to login credentials. Must be in the following example format
docker.io:
username: pa55word
'192.0.2.1:8787':
registry_username: password
SystemdDropInDependencies:
default: true
description: tell the container manager (e.g. paunch) to inject
additional ordering dependencies for the systemd
scopes associated to podman containers.
type: boolean
conditions:
insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
systemd_drop_in_dependencies_enabled: {get_param: SystemdDropInDependencies}
outputs:
role_data:
description: Role data for the podman service
value:
service_name: podman
config_settings: {}
step_config: ''
host_prep_tasks:
- name: Install and configure Podman
block: &install_and_configure_podman
- name: Set login facts
set_fact:
container_registry_insecure_registries:
if:
- insecure_registry_is_empty
- []
- {get_param: DockerInsecureRegistryAddress}
container_registry_login: {get_param: ContainerImageRegistryLogin}
# default that is overwritten by the heat -> dict conversion
container_registry_logins: {}
container_registry_logins_json: {get_param: ContainerImageRegistryCredentials}
- name: Convert logins json to dict
set_fact:
container_registry_logins: "{{ container_registry_logins_json | from_json }}"
when:
- container_registry_logins_json is string
- container_registry_login | bool
- (container_registry_logins_json | length) > 0
- name: Set registry logins
set_fact:
container_registry_logins: "{{ container_registry_logins_json }}"
when:
- container_registry_logins_json is mapping
- container_registry_login | bool
- (container_registry_logins_json | length) > 0
- name: Run podman install
include_role:
name: tripleo-podman
tasks_from: tripleo_podman_install.yml
vars_from: "redhat.yml"
vars:
tripleo_container_registry_insecure_registries: "{{ container_registry_insecure_registries }}"
- name: Run podman login
include_role:
name: tripleo-podman
tasks_from: tripleo_podman_login.yml
vars:
tripleo_container_registry_logins: "{{ container_registry_logins }}"
tripleo_container_registry_login: "{{ container_registry_login | bool }}"
- if:
- systemd_drop_in_dependencies_enabled
- - name: Configure paunch to generate systemd drop-in dependencies
copy:
dest: /etc/sysconfig/podman_drop_in
content: |
This file makes paunch generate additional systemd
dependencies for containers that have special
start/stop ordering constraints. It ensures that
those constraints are enforced on reboot/shutdown.
- - name: Configure paunch to not generate drop-in dependencies
file:
path: /etc/sysconfig/podman_drop_in
state: absent
service_config_settings: {}
upgrade_tasks:
- name: system_upgrade_prepare step 2
tags:
- never
- system_upgrade
- system_upgrade_prepare
when:
- (step | int) == 2
block:
- name: Check if pcs is present
stat:
path: /usr/sbin/pcs
register: pcs_stat
- name: Stop pacemaker cluster before stopping all docker containers
pacemaker_cluster: state=offline
when: pcs_stat.stat.exists
- name: Destroy pacemaker cluster
command: /usr/sbin/pcs cluster destroy
when: pcs_stat.stat.exists
- name: Stop all services by stopping all docker containers
include_role:
name: tripleo-podman
tasks_from: tripleo_docker_stop.yml
tags:
- never
- system_upgrade
- system_upgrade_prepare
- name: Run podman install
when:
- (step | int) == 1
include_role:
name: tripleo-podman
tasks_from: tripleo_podman_install.yml
vars_from: "redhat.yml"
post_upgrade_tasks:
- name: Purge everything about docker on the host
when:
- (step | int) == 3
include_role:
name: tripleo-podman
tasks_from: tripleo_docker_purge.yml
- name: Stop docker
include_role:
name: tripleo-podman
tasks_from: tripleo_docker_stop.yml
- name: Purge Podman
when:
- (step | int) == 3
- container_cli == 'podman'
include_role:
name: tripleo-podman
tasks_from: tripleo_podman_purge.yml
post_update_tasks:
- name: Purge Podman
when:
- (step | int) == 3
- container_cli == 'podman'
include_role:
name: tripleo-podman
tasks_from: tripleo_podman_purge.yml