Merge "Refactor Ansible playbook for download and push images"
@@ -167,3 +167,13 @@
|
||||
systemd:
|
||||
name: docker-distribution
|
||||
state: restarted
|
||||
|
||||
- name: Update /etc/hosts with local registry host
|
||||
command: >-
|
||||
sed -i -e 's|'$CONTROLLER_ADDRESS'\t'$CONTROLLER'|'$CONTROLLER_ADDRESS'\t'$CONTROLLER'\t'$LOCAL_REGISTRY'|g' /etc/hosts
|
||||
args:
|
||||
warn: false
|
||||
environment:
|
||||
CONTROLLER_ADDRESS: "{{ controller_floating_address }}"
|
||||
CONTROLLER: "controller"
|
||||
LOCAL_REGISTRY: "registry.local"
|
||||
|
||||
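Review bot: The sed expression in the added "Update /etc/hosts with local registry host" task is not idempotent: its pattern `$CONTROLLER_ADDRESS\t$CONTROLLER` still matches a line that already ends in `\tregistry.local`, so running the task again appends the alias a second time. The dots in the address are also unescaped regex wildcards. A `lineinfile` task using `regexp` with `backrefs`, or a preceding check that gates this task with `when:` only if `registry.local` is absent from /etc/hosts, would make the edit safe to repeat. The task list this hunk belongs to starts outside the hunk, and no added task on this page removes the entry again, so the alias presumably now stays in /etc/hosts; confirm that is intended.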
@@ -52,7 +52,8 @@
|
||||
import_tasks: bringup_local_registry.yml
|
||||
|
||||
- name: Push images to local docker registry
|
||||
import_tasks: push_images_to_local_registry.yml
|
||||
import_role:
|
||||
name: common/push-docker-images
|
||||
|
||||
- name: Bring up Kubernetes master
|
||||
import_tasks: bringup_kubemaster.yml
|
||||
|
||||
@@ -1,242 +0,0 @@
|
||||
---
|
||||
#
|
||||
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# SUB-TASKS DESCRIPTION:
|
||||
# This task is to pre-pull platform images from public/private registries
|
||||
# and push images to the local registry.
|
||||
# - Update /etc/hosts with registry.local
|
||||
# - Login to k8s/gcr/quay/docker registries if applicable
|
||||
# - Login to local registry with its credentials
|
||||
# - Pull platform images from k8s/gcr/quay/docker registries
|
||||
# and push them to local registry
|
||||
# - Logout of k8s/gcr/quay/docker registries if applicable
|
||||
# - Logout of local registry
|
||||
# - Remove registry.local from /etc/hosts
|
||||
|
||||
- name: Update /etc/hosts with local registry host
|
||||
command: >-
|
||||
sed -i -e 's|'$CONTROLLER_ADDRESS'\t'$CONTROLLER'|'$CONTROLLER_ADDRESS'\t'$CONTROLLER'\t'$LOCAL_REGISTRY'|g' /etc/hosts
|
||||
args:
|
||||
warn: false
|
||||
environment:
|
||||
CONTROLLER_ADDRESS: "{{ controller_floating_address }}"
|
||||
CONTROLLER: "controller"
|
||||
LOCAL_REGISTRY: "registry.local"
|
||||
|
||||
- name: Get kubernetes version
|
||||
command: "sed -n 's|^kubernetesVersion: \\(.*\\)$|\\1|p' {{ kube_admin_yaml_template }}"
|
||||
args:
|
||||
warn: false
|
||||
register: kubernetes_version
|
||||
|
||||
- name: Get the list of kubernetes images
|
||||
shell: "kubeadm config images list --kubernetes-version {{ kubernetes_version.stdout }}
|
||||
--image-repository {{ k8s_registry.url }} | grep -v etcd"
|
||||
register: kubernetes_images_output
|
||||
|
||||
- set_fact:
|
||||
kubernetes_images: "{{ kubernetes_images_output.stdout_lines }}"
|
||||
|
||||
- name: Update Tiller, Armada, Calico, Multus, Sriov image tags
|
||||
set_fact:
|
||||
tiller_img: "{{ tiller_img | regex_replace('gcr.io', '{{ gcr_registry.url }}') }}"
|
||||
armada_img: "{{ armada_img | regex_replace('quay.io', '{{ quay_registry.url }}') }}"
|
||||
calico_cni_img: "{{ calico_cni_img | regex_replace('quay.io', '{{ quay_registry.url }}') }}"
|
||||
calico_node_img: "{{ calico_node_img | regex_replace('quay.io', '{{ quay_registry.url }}') }}"
|
||||
calico_kube_controllers_img: "{{ calico_kube_controllers_img | regex_replace('quay.io', '{{ quay_registry.url }}') }}"
|
||||
multus_img: "{{ multus_img | regex_replace('docker.io', '{{ docker_registry.url }}') }}"
|
||||
sriov_cni_img: "{{ sriov_cni_img | regex_replace('docker.io', '{{ docker_registry.url }}') }}"
|
||||
sriov_network_device_img: "{{ sriov_network_device_img | regex_replace('docker.io', '{{ docker_registry.url }}') }}"
|
||||
|
||||
- name: Get the list of platform images
|
||||
set_fact:
|
||||
platform_images:
|
||||
- "{{ tiller_img }}"
|
||||
- "{{ armada_img }}"
|
||||
- "{{ calico_cni_img }}"
|
||||
- "{{ calico_node_img }}"
|
||||
- "{{ calico_kube_controllers_img }}"
|
||||
- "{{ multus_img }}"
|
||||
- "{{ sriov_cni_img }}"
|
||||
- "{{ sriov_network_device_img }}"
|
||||
|
||||
- block:
|
||||
- name: Update additional image tags if applicable
|
||||
shell: >-
|
||||
echo {{ item }} | sed 's|quay.io|{{ quay_registry.url }}|g' | sed 's|docker.io|{{ docker_registry.url }}|g' |
|
||||
sed 's|k8s.gcr.io|{{ k8s_registry.url }}|g' | sed 's|gcr.io|{{ gcr_registry.url }}|g'
|
||||
with_items: "{{ additional_local_registry_images }}"
|
||||
register: images
|
||||
|
||||
- set_fact:
|
||||
additional_images: "{{ images.results | map(attribute='stdout') | list }}"
|
||||
when: additional_local_registry_images
|
||||
|
||||
- name: Set the download images list
|
||||
set_fact:
|
||||
download_images_list:
|
||||
"{{ (kubernetes_images + platform_images + additional_images) if additional_images is defined
|
||||
else (kubernetes_images + platform_images) }}"
|
||||
|
||||
- set_fact:
|
||||
download_images: "{{ download_images_list | join(',') }}"
|
||||
|
||||
- debug: var=download_images_list
|
||||
|
||||
- block:
|
||||
- block:
|
||||
- name: Get the k8s registry credentials if registry type is AWS ECR
|
||||
script: get_registry_auth.py {{ k8s_registry.url }} {{ k8s_registry.username }} {{ k8s_registry.password }}
|
||||
register: k8s_registry_auth_output
|
||||
|
||||
- set_fact:
|
||||
k8s_registry_auth: "{{ k8s_registry_auth_output.stdout }}"
|
||||
- set_fact:
|
||||
k8s_registry: "{{ k8s_registry | combine(k8s_registry_auth, recursive=true) }}"
|
||||
when: k8s_registry.type is defined and k8s_registry.type == 'aws-ecr'
|
||||
|
||||
- name: Log in to k8s registry if credentials exist
|
||||
docker_login:
|
||||
registry: "{{ k8s_registry['url'] }}"
|
||||
username: "{{ k8s_registry['username'] }}"
|
||||
password: "{{ k8s_registry['password'] }}"
|
||||
when: k8s_registry.username is defined
|
||||
|
||||
- block:
|
||||
- block:
|
||||
- name: Get the gcr registry credentials if registry type is AWS ECR
|
||||
script: get_registry_auth.py {{ gcr_registry.url }} {{ gcr_registry.username }} {{ gcr_registry.password }}
|
||||
register: gcr_registry_auth_output
|
||||
|
||||
- set_fact:
|
||||
gcr_registry_auth: "{{ gcr_registry_auth_output.stdout }}"
|
||||
- set_fact:
|
||||
gcr_registry: "{{ gcr_registry | combine(gcr_registry_auth, recursive=true) }}"
|
||||
when: gcr_registry.type is defined and gcr_registry.type == 'aws-ecr'
|
||||
|
||||
- name: Log in to gcr registry if credentials exist
|
||||
docker_login:
|
||||
registry: "{{ gcr_registry['url'] }}"
|
||||
username: "{{ gcr_registry['username'] }}"
|
||||
password: "{{ gcr_registry['password'] }}"
|
||||
when: gcr_registry.username is defined
|
||||
|
||||
- block:
|
||||
- block:
|
||||
- name: Get the quay registry credentials if registry type is AWS ECR
|
||||
script: get_registry_auth.py {{ quay_registry.url }} {{ quay_registry.username }} {{ quay_registry.password }}
|
||||
register: quay_registry_auth_output
|
||||
|
||||
- set_fact:
|
||||
quay_registry_auth: "{{ quay_registry_auth_output.stdout }}"
|
||||
- set_fact:
|
||||
quay_registry: "{{ quay_registry | combine(quay_registry_auth, recursive=true) }}"
|
||||
when: quay_registry.type is defined and quay_registry.type == 'aws-ecr'
|
||||
|
||||
- name: Log in to quay registry if credentials exist
|
||||
docker_login:
|
||||
registry: "{{ quay_registry['url'] }}"
|
||||
username: "{{ quay_registry['username'] }}"
|
||||
password: "{{ quay_registry['password'] }}"
|
||||
when: quay_registry.username is defined
|
||||
|
||||
- block:
|
||||
- block:
|
||||
- name: Get the docker registry credentials if registry type is AWS ECR
|
||||
script: get_registry_auth.py {{ docker_registry.url }} {{ docker_registry.username }} {{ docker_registry.password }}
|
||||
register: docker_registry_auth_output
|
||||
|
||||
- set_fact:
|
||||
docker_registry_auth: "{{ docker_registry_auth_output.stdout }}"
|
||||
- set_fact:
|
||||
docker_registry: "{{ docker_registry | combine(docker_registry_auth, recursive=true) }}"
|
||||
when: docker_registry.type is defined and docker_registry.type == 'aws-ecr'
|
||||
|
||||
- name: Log in to docker registry if credentials exist
|
||||
docker_login:
|
||||
registry: "{{ docker_registry['url'] }}"
|
||||
username: "{{ docker_registry['username'] }}"
|
||||
password: "{{ docker_registry['password'] }}"
|
||||
when: docker_registry.username is defined
|
||||
|
||||
- name: Get local registry credentials
|
||||
vars:
|
||||
script_content: |
|
||||
import keyring
|
||||
password = str(keyring.get_password("CGCS", "admin"))
|
||||
if not password:
|
||||
raise Exception("Local registry password not found.")
|
||||
print dict(username='admin', password=password)
|
||||
shell: "{{ script_content }}"
|
||||
args:
|
||||
executable: /usr/bin/python
|
||||
register: local_registry_credentials_output
|
||||
|
||||
- set_fact:
|
||||
local_registry_credentials: "{{ local_registry_credentials_output.stdout }}"
|
||||
|
||||
- name: Log in to local registry
|
||||
docker_login:
|
||||
registry: "{{ local_registry }}"
|
||||
username: "{{ local_registry_credentials['username'] }}"
|
||||
password: "{{ local_registry_credentials['password'] }}"
|
||||
|
||||
- name: Download images and push to local registry
|
||||
script: download_images.py {{ download_images }}
|
||||
register: download_images_output
|
||||
|
||||
- debug:
|
||||
msg: "{{ download_images_output.stdout_lines }}"
|
||||
|
||||
- name: Log out of k8s registry if credentials exist
|
||||
docker_login:
|
||||
registry: "{{ k8s_registry['url'] }}"
|
||||
state: absent
|
||||
when: k8s_registry.username is defined
|
||||
|
||||
- name: Log out of gcr registry if credentials exist
|
||||
docker_login:
|
||||
registry: "{{ gcr_registry['url'] }}"
|
||||
state: absent
|
||||
when: gcr_registry.username is defined
|
||||
|
||||
- name: Log out of quay registry if credentials exist
|
||||
docker_login:
|
||||
registry: "{{ quay_registry['url'] }}"
|
||||
state: absent
|
||||
when: quay_registry.username is defined
|
||||
|
||||
- name: Log out of docker registry if credentials exist
|
||||
docker_login:
|
||||
registry: "{{ docker_registry['url'] }}"
|
||||
state: absent
|
||||
when: docker_registry.username is defined
|
||||
|
||||
- name: Log out of local registry
|
||||
docker_login:
|
||||
registry: "{{ local_registry }}"
|
||||
state: absent
|
||||
|
||||
- name: Strip out port from Tiller, Armada, Calico, Multus, Sriov image tags
|
||||
set_fact:
|
||||
tiller_img: "{{ tiller_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
armada_img: "{{ armada_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
calico_cni_img: "{{ calico_cni_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
calico_node_img: "{{ calico_node_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
calico_kube_controllers_img: "{{ calico_kube_controllers_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
multus_img: "{{ multus_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
sriov_cni_img: "{{ sriov_cni_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
sriov_network_device_img: "{{ sriov_network_device_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
|
||||
- name: Remove local registry host from /etc/hosts
|
||||
command: >-
|
||||
sed -i -e 's|'$CONTROLLER_ADDRESS'\t'$CONTROLLER'\t'$LOCAL_REGISTRY'|'$CONTROLLER_ADDRESS'\t'$CONTROLLER'|g' /etc/hosts
|
||||
args:
|
||||
warn: false
|
||||
environment:
|
||||
CONTROLLER_ADDRESS: "{{ controller_floating_address }}"
|
||||
CONTROLLER: "controller"
|
||||
LOCAL_REGISTRY: "registry.local"
|
||||
@@ -0,0 +1,24 @@
|
||||
---
|
||||
#
|
||||
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
# SUB-TASKS DESCRIPTION:
|
||||
# Get aws ecr credentials
|
||||
#
|
||||
|
||||
- block:
|
||||
- name: Get the {{ registry.name }} credentials
|
||||
script: get_registry_auth.py {{ registry.value.url }} {{ registry.value.username }} {{ registry.value.password }}
|
||||
register: registry_auth_output
|
||||
|
||||
- set_fact:
|
||||
registry_auth: "{{ registry_auth_output.stdout }}"
|
||||
- set_fact:
|
||||
"{{ registry.name }}":
|
||||
url: "{{ registry.value.url }}"
|
||||
type: "{{ registry.value.type }}"
|
||||
username: "{{ registry_auth.username }}"
|
||||
password: "{{ registry_auth.password }}"
|
||||
|
||||
when: registry.value.username is defined
|
||||
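Review bot: The `script:` line passes `registry.value.password` as an unquoted positional argument, so a value containing spaces or shell metacharacters may be split or interpreted on the target, and the password sits on the command line of get_registry_auth.py while it runs. At minimum quote the three values, e.g. `{{ registry.value.password | quote }}`. Also set `no_log: true` on this task and on the two `set_fact` tasks that carry `registry_auth`, rather than relying on the caller's `no_log` being inherited through the include.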
@@ -0,0 +1,55 @@
|
||||
---
|
||||
#
|
||||
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# SUB-TASKS DESCRIPTION:
|
||||
# Query a registry from Sysinv via Sysinv CLI
|
||||
|
||||
- block:
|
||||
- name: Query the {{ registry.name }}
|
||||
shell: >-
|
||||
source /etc/platform/openrc; system service-parameter-list --nowrap |
|
||||
awk '{if ($6 == "{{ registry.name | regex_replace('_', '-') }}") print $8"="$10;}'
|
||||
register: running_registry_output
|
||||
|
||||
- set_fact:
|
||||
running_registry:
|
||||
"{{ running_registry|default({}) | combine({inner_item.split('=')[0]:inner_item.split('=')[1]}, recursive=True) }}"
|
||||
with_items: "{{ running_registry_output.stdout_lines }}"
|
||||
loop_control:
|
||||
loop_var: inner_item
|
||||
|
||||
- block:
|
||||
- name: Validate {{ registry.name }} information if it exists
|
||||
fail:
|
||||
msg: "{{ registry.name }}'s url doesn't exist"
|
||||
when: running_registry['url'] is not defined
|
||||
|
||||
- block:
|
||||
- name: Get the {{ registry.name }} barbican secret if it's authenticated
|
||||
shell: >-
|
||||
source /etc/platform/openrc; openstack secret get {{ running_registry['auth-secret'] }} -p -f value
|
||||
register: registry_credentials
|
||||
|
||||
- name: Validate {{ registry.name }} secret
|
||||
fail:
|
||||
msg: "Unknown format of the {{ registry.name }} secret"
|
||||
when: (registry_credentials.stdout is not search('username:') or
|
||||
registry_credentials.stdout is not search('password:'))
|
||||
|
||||
- set_fact:
|
||||
registry_username: "{{ registry_credentials.stdout.split()[0].split('username:')[1] }}"
|
||||
registry_password: "{{ registry_credentials.stdout.split()[1].split('password:')[1] }}"
|
||||
when: registry_credentials.stdout | length > 0
|
||||
|
||||
- set_fact:
|
||||
running_registry:
|
||||
"{{ running_registry | combine(
|
||||
{'username': registry_username, 'password': registry_password}, recursive=True) }}"
|
||||
when: running_registry['auth-secret'] is defined
|
||||
when: running_registry is defined
|
||||
|
||||
- set_fact:
|
||||
"{{ registry.name }}": "{{ registry.value if running_registry is not defined else running_registry }}"
|
||||
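Review bot: `running_registry` is built with `running_registry|default({}) | combine(...)` and nothing in this file resets it, so when the file is included once per registry the fact from the previous registry appears to carry over. A registry without its own `auth-secret` would then inherit the earlier one's `auth-secret`, `username` and `password`, and a registry with no service parameters would be set to the previous registry's whole record, which can send one registry's credentials to another registry's URL at login. Starting the file with a reset such as `- set_fact: { running_registry: {} }` and testing `running_registry | length > 0` instead of `running_registry is defined` (in the block condition and in the final `set_fact`) would isolate each iteration. Separately, the `openstack secret get ... -p -f value` task registers the secret payload without `no_log: true`.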
@@ -0,0 +1,191 @@
|
||||
---
|
||||
#
|
||||
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# ROLE DESCRIPTION:
|
||||
# This role is to perform tasks that download container images
|
||||
# from public/private registries and push to local registry.
|
||||
#
|
||||
|
||||
- name: Get docker registries if upgrade kubernetes or k8s networking
|
||||
include: get_docker_registry.yml registry={{ item }}
|
||||
with_items:
|
||||
- { name: 'k8s_registry', value: { url: 'k8s.gcr.io' } }
|
||||
- { name: 'gcr_registry', value: { url: 'gcr.io' } }
|
||||
- { name: 'quay_registry', value: { url: 'quay.io' } }
|
||||
- { name: 'docker_registry', value: { url: 'docker.io' } }
|
||||
when: upgrade_k8s_networking is defined or
|
||||
upgrade_kubernetes is defined
|
||||
|
||||
# Disable the log to not expose registry password
|
||||
- name: Get registry credentials if registry type is AWS ECR
|
||||
include: get_aws_ecr_credentials.yml registry={{ item }}
|
||||
with_items:
|
||||
- { name: "k8s_registry", value: "{{ k8s_registry }}" }
|
||||
- { name: "gcr_registry", value: "{{ gcr_registry }}" }
|
||||
- { name: "quay_registry", value: "{{ quay_registry }}" }
|
||||
- { name: "docker_registry", value: "{{ docker_registry }}" }
|
||||
when: registry.value.type is defined and
|
||||
registry.value.type == 'aws-ecr'
|
||||
no_log: true
|
||||
|
||||
- block:
|
||||
- name: Get kubernetes version from template
|
||||
command: "sed -n 's|^kubernetesVersion: \\(.*\\)$|\\1|p' {{ kube_admin_yaml_template }}"
|
||||
args:
|
||||
warn: false
|
||||
register: kubernetes_version_output
|
||||
|
||||
- set_fact:
|
||||
kubernetes_version: "{{ kubernetes_version_output.stdout }}"
|
||||
when: upgrade_kubernetes is not defined
|
||||
|
||||
- name: Get the list of kubernetes images
|
||||
shell: "kubeadm config images list --kubernetes-version {{ kubernetes_version }}
|
||||
--image-repository {{ k8s_registry.url }} | grep -v etcd"
|
||||
register: kubernetes_images_output
|
||||
when: k8s_registry.url is defined and kubernetes_version is defined
|
||||
|
||||
- set_fact:
|
||||
kubernetes_images: "{{ kubernetes_images_output.stdout_lines }}"
|
||||
|
||||
- name: Update Tiller, Armada, Calico, Multus, Sriov image tags
|
||||
set_fact:
|
||||
tiller_img: "{{ tiller_img | regex_replace('gcr.io', '{{ gcr_registry.url }}') }}"
|
||||
armada_img: "{{ armada_img | regex_replace('quay.io', '{{ quay_registry.url }}') }}"
|
||||
calico_cni_img: "{{ calico_cni_img | regex_replace('quay.io', '{{ quay_registry.url }}') }}"
|
||||
calico_node_img: "{{ calico_node_img | regex_replace('quay.io', '{{ quay_registry.url }}') }}"
|
||||
calico_kube_controllers_img: "{{ calico_kube_controllers_img | regex_replace('quay.io', '{{ quay_registry.url }}') }}"
|
||||
multus_img: "{{ multus_img | regex_replace('docker.io', '{{ docker_registry.url }}') }}"
|
||||
sriov_cni_img: "{{ sriov_cni_img | regex_replace('docker.io', '{{ docker_registry.url }}') }}"
|
||||
sriov_network_device_img: "{{ sriov_network_device_img | regex_replace('docker.io', '{{ docker_registry.url }}') }}"
|
||||
|
||||
- name: Get the list of platform images
|
||||
set_fact:
|
||||
networking_images:
|
||||
- "{{ calico_cni_img }}"
|
||||
- "{{ calico_node_img }}"
|
||||
- "{{ calico_kube_controllers_img }}"
|
||||
- "{{ multus_img }}"
|
||||
- "{{ sriov_cni_img }}"
|
||||
- "{{ sriov_network_device_img }}"
|
||||
tiller_armada_images:
|
||||
- "{{ tiller_img }}"
|
||||
- "{{ armada_img }}"
|
||||
|
||||
- block:
|
||||
- name: Update additional image tags if applicable
|
||||
shell: >-
|
||||
echo {{ item }} |
|
||||
sed 's|quay.io|{{ quay_registry.url }}|g' |
|
||||
sed 's|docker.io|{{ docker_registry.url }}|g' |
|
||||
sed 's|k8s.gcr.io|{{ k8s_registry.url }}|g' |
|
||||
sed 's|gcr.io|{{ gcr_registry.url }}|g' |
|
||||
sed 's|docker.elastic.co|{{ elastic_registry.url }}|g'
|
||||
with_items: "{{ additional_local_registry_images }}"
|
||||
register: images
|
||||
|
||||
- set_fact:
|
||||
additional_images: "{{ images.results | map(attribute='stdout') | list }}"
|
||||
when: additional_local_registry_images is defined and
|
||||
additional_local_registry_images | length > 0
|
||||
|
||||
# Download all system images and additional images if bootstrap
|
||||
- name: Set download images list
|
||||
set_fact:
|
||||
download_images_list:
|
||||
"{{ (kubernetes_images + networking_images + tiller_armada_images + additional_images)
|
||||
if additional_images is defined else (kubernetes_images + networking_images + tiller_armada_images) }}"
|
||||
when: (upgrade_kubernetes is not defined and
|
||||
upgrade_k8s_networking is not defined)
|
||||
|
||||
# Only download k8s networking images if k8s networking upgrade
|
||||
- name: Set download images list to k8s network images if upgrading k8s networking
|
||||
set_fact:
|
||||
download_images_list: "{{ download_images_list|default([]) + networking_images }}"
|
||||
when: upgrade_k8s_networking is defined and upgrade_k8s_networking
|
||||
|
||||
# Only download kubernetes images if kubernetes upgrade
|
||||
- name: Set download images list to kubernetes images if upgrading kubernetes
|
||||
set_fact:
|
||||
download_images_list: "{{ download_images_list|default([]) + kubernetes_images }}"
|
||||
when: upgrade_kubernetes is defined and upgrade_kubernetes
|
||||
|
||||
- set_fact:
|
||||
download_images: "{{ download_images_list | join(',') }}"
|
||||
|
||||
- debug: var=download_images_list
|
||||
|
||||
# Disable the log to not expose registry password
|
||||
- name: Log in k8s, gcr, quay, docker registries if credentials exist
|
||||
docker_login:
|
||||
registry: "{{ item['url'] }}"
|
||||
username: "{{ item['username'] }}"
|
||||
password: "{{ item['password'] }}"
|
||||
with_items:
|
||||
- "{{ k8s_registry }}"
|
||||
- "{{ gcr_registry }}"
|
||||
- "{{ quay_registry }}"
|
||||
- "{{ docker_registry }}"
|
||||
when: item.username is defined
|
||||
no_log: true
|
||||
|
||||
- name: Get local registry credentials
|
||||
vars:
|
||||
script_content: |
|
||||
import keyring
|
||||
password = str(keyring.get_password("CGCS", "admin"))
|
||||
if not password:
|
||||
raise Exception("Local registry password not found.")
|
||||
print dict(username='admin', password=password)
|
||||
shell: "{{ script_content }}"
|
||||
args:
|
||||
executable: /usr/bin/python
|
||||
register: local_registry_credentials_output
|
||||
|
||||
- set_fact:
|
||||
local_registry_credentials: "{{ local_registry_credentials_output.stdout }}"
|
||||
|
||||
- name: Log in to local registry
|
||||
docker_login:
|
||||
registry: "{{ local_registry }}"
|
||||
username: "{{ local_registry_credentials['username'] }}"
|
||||
password: "{{ local_registry_credentials['password'] }}"
|
||||
|
||||
- name: Download images and push to local registry
|
||||
script: download_images.py {{ download_images }}
|
||||
register: download_images_output
|
||||
|
||||
- debug:
|
||||
msg: "{{ download_images_output.stdout_lines }}"
|
||||
|
||||
# Disable the log to not expose registry password
|
||||
- name: Log out of k8s, gcr, quay, docker registries if credentials exist
|
||||
docker_login:
|
||||
registry: "{{ item['url'] }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- "{{ k8s_registry }}"
|
||||
- "{{ gcr_registry }}"
|
||||
- "{{ quay_registry }}"
|
||||
- "{{ docker_registry }}"
|
||||
when: item.username is defined
|
||||
no_log: true
|
||||
|
||||
- name: Log out of local registry
|
||||
docker_login:
|
||||
registry: "{{ local_registry }}"
|
||||
state: absent
|
||||
|
||||
- name: Strip out port from Tiller, Armada, Calico, Multus, Sriov image tags
|
||||
set_fact:
|
||||
tiller_img: "{{ tiller_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
armada_img: "{{ armada_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
calico_cni_img: "{{ calico_cni_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
calico_node_img: "{{ calico_node_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
calico_kube_controllers_img: "{{ calico_kube_controllers_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
multus_img: "{{ multus_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
sriov_cni_img: "{{ sriov_cni_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
sriov_network_device_img: "{{ sriov_network_device_img | regex_replace(':[0-9]+/', '/') }}"
|
||||
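Review bot: The "Get local registry credentials" task prints the keyring password to stdout and the following `set_fact` copies it into `local_registry_credentials`, but neither carries `no_log: true`, unlike the external-registry login loop above it; both should. In the embedded script, `str(keyring.get_password("CGCS", "admin"))` turns a missing entry into the non-empty string "None", so `if not password:` can never raise; check the value before converting, e.g. `password = keyring.get_password("CGCS", "admin")`. In "Update additional image tags if applicable", `echo {{ item }}` is expanded into a shell line unquoted, so `echo {{ item | quote }}` is safer if the list can come from user overrides. The added sed for `docker.elastic.co` reads `elastic_registry.url`, which is not among the registries this file queries; confirm it is defined elsewhere.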
@@ -7,6 +7,9 @@
|
||||
|
||||
- hosts: all
|
||||
|
||||
vars:
|
||||
upgrade_k8s_networking: true
|
||||
|
||||
tasks:
|
||||
|
||||
# TODO(kbujold): This comment from the review will be implemented in a separate submission.
|
||||
@@ -31,41 +34,22 @@
|
||||
shell: "grep cluster-host-subnet /tmp/addrpool.txt | awk '{print $14}'"
|
||||
register: cluster_floating_address
|
||||
|
||||
- name: Query the quay-registry
|
||||
shell: >-
|
||||
source /etc/platform/openrc; system service-parameter-list --nowrap |
|
||||
awk '{if ($6 == "quay-registry" && $8 == "url") print $10;}'
|
||||
register: running_quay_registry
|
||||
|
||||
- name: Query the docker-registry
|
||||
shell: >-
|
||||
source /etc/platform/openrc; system service-parameter-list --nowrap |
|
||||
awk '{if ($6 == "docker-registry" && $8 == "url") print $10;}'
|
||||
register: running_docker_registry
|
||||
|
||||
- name: Set default registries
|
||||
set_fact:
|
||||
default_quay_registry:
|
||||
url: "quay.io"
|
||||
|
||||
default_docker_registry:
|
||||
url: "docker.io"
|
||||
|
||||
- name: Set networking and registry facts
|
||||
- name: Set networking facts
|
||||
set_fact:
|
||||
kubelet_cni_bin_dir: "/usr/libexec/cni"
|
||||
cluster_pod_subnet: "{{ cluster_pod_subnet.stdout }}"
|
||||
cluster_network_ipv4: "{{ cluster_pod_subnet.stdout | ipv4 }}"
|
||||
cluster_network_ipv6: "{{ cluster_pod_subnet.stdout | ipv6 }}"
|
||||
cluster_floating_address: "{{ cluster_floating_address.stdout }}"
|
||||
quay_registry:
|
||||
url:
|
||||
"{{ running_quay_registry.stdout if (running_quay_registry.stdout|length > 0)
|
||||
else default_quay_registry.url}}"
|
||||
docker_registry:
|
||||
url:
|
||||
"{{ running_docker_registry.stdout if (running_docker_registry.stdout|length > 0)
|
||||
else default_docker_registry.url}}"
|
||||
|
||||
- name: Set images facts
|
||||
include_vars:
|
||||
dir: "roles/bootstrap/bringup-essential-services/vars"
|
||||
files_matching: main.yml
|
||||
|
||||
- name: Upgrade k8s networking images
|
||||
import_role:
|
||||
name: common/push-docker-images
|
||||
|
||||
- name: Create Calico config file
|
||||
template:
|
||||
|
||||