We need ca_dir to copy the certs in, but when we run in multi-node cases the use-buildset-registry invocation is in a separate place so we don't leak the var in. This will get deleted in the next patch, but that patch is not working and we need this to unbreak the multi-arch functionality for nodepool. Change-Id: I4f92f0415fb471f304fdd0a1e576812c8d67ab24
# Load the first vars file that exists, trying the most specific
# distribution/version name first and falling back to default.yaml.
# NOTE(review): presumably this is where ca_dir (used by the TLS cert copy
# task below) gets defined - confirm against the vars files.
- name: Include OS-specific variables
  include_vars: '{{ zj_distro_os }}'
  loop_control:
    loop_var: zj_distro_os
  with_first_found:
    - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml'
    - '{{ ansible_distribution }}.{{ ansible_architecture }}.yaml'
    - '{{ ansible_distribution }}.yaml'
    - '{{ ansible_os_family }}.yaml'
    - 'default.yaml'

# Reserve a temporary file for the rendered buildkit configuration; later
# tasks read its location from buildkit_toml_tmp.path.
# NOTE(review): no task visible in this file removes this tempfile, unlike
# the /etc/hosts one - confirm whether it has to outlive the role.
- name: Make tempfile for buildkit.toml
  register: buildkit_toml_tmp
  tempfile:
    state: file

# Render buildkitd.toml.j2 into the tempfile created by the previous task.
- name: Write buildkit.toml file
  template:
    src: buildkitd.toml.j2
    dest: "{{ buildkit_toml_tmp.path }}"

# Runs a one-shot (--rm) container with --privileged, i.e. with extended
# privileges on the node, so the image content is fully trusted here.
# NOTE(review): the image is referenced by tag, not by content digest. A tag
# can be re-pointed in the registry; consider pinning as
# docker/binfmt@sha256:<digest> for anything that runs privileged.
# NOTE(review): presumably this registers binfmt_misc handlers for foreign
# architectures - confirm against the image documentation.
- name: Run binfmt container
  environment:
    DOCKER_CLI_EXPERIMENTAL: 'enabled'
  command: >-
    docker run --rm --privileged
    docker/binfmt:a7996909642ee92942dcd6cff44b9b95f08dad64

# Create a buildx builder named "mybuilder" configured from the rendered
# buildkit.toml tempfile. network=host is passed as a driver option, so the
# builder is not given a network separate from the node's.
- name: Create builder
  environment:
    DOCKER_CLI_EXPERIMENTAL: 'enabled'
  command: >-
    docker buildx create
    --name mybuilder
    --driver-opt network=host
    --config {{ buildkit_toml_tmp.path }}

# Select "mybuilder" as the builder for subsequent docker buildx commands.
- name: Use builder
  environment:
    DOCKER_CLI_EXPERIMENTAL: 'enabled'
  command: 'docker buildx use mybuilder'

# Start the selected builder now (--bootstrap) so that the tasks below,
# which address the container by name, have something to act on.
- name: Bootstrap builder
  environment:
    DOCKER_CLI_EXPERIMENTAL: 'enabled'
  command: 'docker buildx inspect --bootstrap'

# Place the buildset registry certificate in the builder container's CA
# directory; every TLS client in that container that uses the system trust
# store will accept it once the store is rebuilt by the next task.
# NOTE(review): the container name buildx_buildkit_mybuilder0 is hard-coded
# and presumably derived by buildx from the builder name - confirm.
- name: Copy buildset registry TLS cert into worker container
  command: >-
    docker cp {{ ca_dir }}/buildset-registry.crt
    buildx_buildkit_mybuilder0:/usr/local/share/ca-certificates

# Rebuild the trust store inside the builder container so the certificate
# copied in by the previous task takes effect.
- name: Update CA certs in worker container
  command: 'docker exec buildx_buildkit_mybuilder0 update-ca-certificates'

# Reserve a temporary file on the node to hold an editable copy of the
# builder container's /etc/hosts; removed again by the last task.
- name: Make tempfile for /etc/hosts
  register: etc_hosts_tmp
  tempfile:
    state: file

# Pull the container's current /etc/hosts out into the tempfile.
- name: Copy /etc/hosts for editing
  command: >-
    docker cp buildx_buildkit_mybuilder0:/etc/hosts
    {{ etc_hosts_tmp.path }}

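# Docker buildx has its own /etc/hosts in the builder image.
# Adds "<address><TAB>zuul-jobs.buildset-registry" to the copied hosts file,
# only when buildset_registry is defined and its host is an IP address.
# The address goes through regex_escape and the literal dot is escaped so the
# pattern matches that exact line rather than treating "." as a wildcard.
# NOTE(review): the file edited here is the tempfile created earlier without
# become; privilege escalation may be unnecessary - confirm before removing.
- name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses
  become: true
  lineinfile:
    path: '{{ etc_hosts_tmp.path }}'
    state: present
    regexp: "^{{ buildset_registry.host | regex_escape }}\tzuul-jobs\\.buildset-registry$"
    line: "{{ buildset_registry.host }}\tzuul-jobs.buildset-registry"
    insertafter: EOF
  when: buildset_registry is defined and buildset_registry.host | ipaddr
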
# Detach the /etc/hosts mount inside the builder container so that the file
# can be replaced by the tasks that follow.
- name: Unmount the /etc/hosts mount
  command: 'docker exec buildx_buildkit_mybuilder0 umount /etc/hosts'

# NOTE(mordred) This is done in two steps. Even though we've unmounted
# /etc/hosts in the previous step, when we try to copy the file back
# directly, we get:
#   unlinkat /etc/hosts: device or resource busy
# Step one: stage the edited file in the container as /etc/new-hosts.
- name: Copy modified hosts file back in
  command: >-
    docker cp {{ etc_hosts_tmp.path }}
    buildx_buildkit_mybuilder0:/etc/new-hosts

# Step two: overwrite /etc/hosts from the staged copy, from inside the
# container.
- name: Copy modified hosts file into place
  command: >-
    docker exec buildx_buildkit_mybuilder0
    cp /etc/new-hosts /etc/hosts

# Delete the node-side working copy of the hosts file.
- name: Remove tempfile for /etc/hosts
  file:
    path: "{{ etc_hosts_tmp.path }}"
    state: absent