51469aab2e
The logins json can be both a hash and a string, depending on how it is being set by the deployer. To ensure that we're able to cover both cases this change will test the initial data type and react accordingly. Change-Id: I443bc36ca8808e1547da37f207b011031120067f Signed-off-by: Kevin Carter <kecarter@redhat.com>
# Heat template header: template version followed by a one-line description.
heat_template_version: rocky

# Folded scalar; the value keeps a single trailing newline.
description: >
  Configures podman on the host

# Inputs accepted by this service template. Only DockerInsecureRegistryAddress,
# ContainerImageRegistryLogin, ContainerImageRegistryCredentials and
# SystemdDropInDependencies are read by the conditions/outputs of this file.
parameters:
  # Passed to the tripleo-podman install tasks as
  # tripleo_container_registry_insecure_registries.
  # NOTE(review): "insecure" presumably means the registry is contacted
  # without TLS verification; keep the list empty unless required.
  # NOTE(review): the description still names /etc/sysconfig/docker although
  # this template configures podman; confirm where the role writes it.
  DockerInsecureRegistryAddress:
    type: comma_delimited_list
    default: []
    description: >-
      Optional. The IP Address and Port of an insecure docker
      namespace that will be configured in /etc/sysconfig/docker.
      The value can be multiple addresses separated by commas.
  EndpointMap:
    type: json
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
  ServiceData:
    type: json
    default: {}
    description: Dictionary packing service data
  ServiceNetMap:
    type: json
    default: {}
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    default: ''
    description: Role name on which the service is applied
  RoleParameters:
    type: json
    default: {}
    description: Parameters specific to the role
  # Gates both credential-conversion tasks and the login role in host_prep_tasks.
  ContainerImageRegistryLogin:
    type: boolean
    default: false
    description: >-
      Flag to enable container registry login actions during the deployment.
      Setting this to true will cause login calls to be performed during the
      deployment.
  # hidden: true asks Heat to mask this value when stack parameters are shown.
  # The value is still handed to the Ansible tasks under outputs, so keeping
  # it out of task output and logs has to be handled there as well.
  # In the example below each registry host maps a user name (key) to its
  # password (value).
  ContainerImageRegistryCredentials:
    type: json
    hidden: true
    default: {}
    description: |
      Mapping of image registry hosts to login credentials. Must be in the following example format

        docker.io:
          username: pa55word
        '192.0.2.1:8787':
          registry_username: password
  SystemdDropInDependencies:
    type: boolean
    default: true
    description: >-
      tell the container manager (e.g. paunch) to inject
      additional ordering dependencies for the systemd
      scopes associated to podman containers.

# Heat conditions referenced by the `if` functions under outputs.
conditions:
  # True when DockerInsecureRegistryAddress equals the empty list.
  insecure_registry_is_empty:
    equals:
      - {get_param: DockerInsecureRegistryAddress}
      - []
  # Mirrors the SystemdDropInDependencies boolean parameter.
  systemd_drop_in_dependencies_enabled:
    get_param: SystemdDropInDependencies

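# Role data for the podman service: Ansible task lists that install and
# configure podman, log in to container registries, and handle upgrades.
outputs:
  role_data:
    description: Role data for the podman service
    value:
      service_name: podman
      config_settings: {}
      step_config: ''
      host_prep_tasks:
        - name: Install and configure Podman
          block: &install_and_configure_podman
            - name: Set login facts
              # These facts carry the registry credentials, which come from a
              # parameter declared hidden in this template. no_log keeps the
              # task result out of Ansible output and logs.
              no_log: true
              set_fact:
                # Heat-level `if`: an empty list when no insecure registry
                # is configured, otherwise the parameter value.
                container_registry_insecure_registries:
                  if:
                    - insecure_registry_is_empty
                    - []
                    - {get_param: DockerInsecureRegistryAddress}
                container_registry_login: {get_param: ContainerImageRegistryLogin}
                # default that is overwritten by the heat -> dict conversion
                container_registry_logins: {}
                container_registry_logins_json: {get_param: ContainerImageRegistryCredentials}

            # The credentials may arrive as a JSON string or as a mapping.
            # Exactly one of the next two tasks applies; when neither does
            # (login disabled or empty value) the {} default above is kept.
            - name: Convert logins json to dict
              no_log: true
              set_fact:
                container_registry_logins: "{{ container_registry_logins_json | from_json }}"
              when:
                - container_registry_logins_json is string
                - container_registry_login | bool
                - (container_registry_logins_json | length) > 0

            - name: Set registry logins
              no_log: true
              set_fact:
                container_registry_logins: "{{ container_registry_logins_json }}"
              when:
                - container_registry_logins_json is mapping
                - container_registry_login | bool
                - (container_registry_logins_json | length) > 0

            - name: Run podman install
              include_role:
                name: tripleo-podman
                tasks_from: tripleo_podman_install.yml
                vars_from: "redhat.yml"
              vars:
                tripleo_container_registry_insecure_registries: "{{ container_registry_insecure_registries }}"

            # NOTE(review): the credentials are handed to the role here.
            # Whether tripleo_podman_login.yml suppresses logging of them is
            # not visible from this template; verify in the role.
            - name: Run podman login
              include_role:
                name: tripleo-podman
                tasks_from: tripleo_podman_login.yml
              vars:
                tripleo_container_registry_logins: "{{ container_registry_logins }}"
                tripleo_container_registry_login: "{{ container_registry_login | bool }}"

        # Heat-level `if`: create the marker file when drop-in dependencies
        # are enabled, remove it otherwise.
        - if:
            - systemd_drop_in_dependencies_enabled
            - - name: Configure paunch to generate systemd drop-in dependencies
                copy:
                  dest: /etc/sysconfig/podman_drop_in
                  content: |
                    This file makes paunch generate additional systemd
                    dependencies for containers that have special
                    start/stop ordering constraints. It ensures that
                    those constraints are enforced on reboot/shutdown.
            - - name: Configure paunch to not generate drop-in dependencies
                file:
                  path: /etc/sysconfig/podman_drop_in
                  state: absent

      service_config_settings: {}

      upgrade_tasks:
        # Tagged `never`, so this block only runs when one of the
        # system_upgrade tags is requested explicitly.
        - name: system_upgrade_prepare step 2
          tags:
            - never
            - system_upgrade
            - system_upgrade_prepare
          when:
            - (step | int) == 2
          block:
            - name: Check if pcs is present
              stat:
                path: /usr/sbin/pcs
              register: pcs_stat
            - name: Stop pacemaker cluster before stopping all docker containers
              pacemaker_cluster:
                state: offline
              when: pcs_stat.stat.exists
            - name: Destroy pacemaker cluster
              command: /usr/sbin/pcs cluster destroy
              when: pcs_stat.stat.exists
            - name: Stop all services by stopping all docker containers
              include_role:
                name: tripleo-podman
                tasks_from: tripleo_docker_stop.yml
              tags:
                - never
                - system_upgrade
                - system_upgrade_prepare

        - name: Run podman install
          when:
            - (step | int) == 1
          include_role:
            name: tripleo-podman
            tasks_from: tripleo_podman_install.yml
            vars_from: "redhat.yml"

      post_upgrade_tasks:
        - name: Purge everything about docker on the host
          when:
            - (step | int) == 3
          include_role:
            name: tripleo-podman
            tasks_from: tripleo_docker_purge.yml

        # NOTE(review): unlike its siblings this task has no step guard, so
        # it is not limited to a single step. Confirm that is intended.
        - name: Stop docker
          include_role:
            name: tripleo-podman
            tasks_from: tripleo_docker_stop.yml

        - name: Purge Podman
          when:
            - (step | int) == 3
            - container_cli == 'podman'
          include_role:
            name: tripleo-podman
            tasks_from: tripleo_podman_purge.yml

      post_update_tasks:
        - name: Purge Podman
          when:
            - (step | int) == 3
            - container_cli == 'podman'
          include_role:
            name: tripleo-podman
            tasks_from: tripleo_podman_purge.yml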