From 00cc4aa038e4c806c13737c1083345beb0357b00 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sat, 4 Apr 2020 16:10:47 -0400 Subject: [PATCH] ensure-docker: refactor to use ensure-package-repositories This patch refactors ensure-docker to use the new ensure-package-repostories role which cleans up the codebase for it a lot. It also converges the Debian and Ubuntu configuration as they were pretty much the same. Also, it updates the Docker to the proper GPG key as while refactoring, it was exposed that it was using the wrong key. Docker uses a different key for Debian and RHEL based packaging. Change-Id: Iad430c6a31be0750c1a0f50e12a26df230de9f4e --- roles/ensure-docker/defaults/main.yaml | 63 -------------- .../ensure-docker/tasks/docker-upstream.yaml | 42 +++++++++- roles/ensure-docker/tasks/upstream-apt.yaml | 21 ----- roles/ensure-docker/tasks/upstream-dnf.yaml | 1 - .../tasks/upstream-package-installation.yaml | 26 ------ roles/ensure-docker/tasks/upstream-yum.yaml | 27 ------ .../ensure-docker/tasks/upstream-zypper.yaml | 6 -- .../templates/docker-ce-centos.repo.j2 | 83 ------------------- .../templates/docker-ce-fedora.repo.j2 | 83 ------------------- roles/ensure-docker/templates/sources.list.j2 | 1 - roles/ensure-docker/vars/debian.yaml | 70 +++++++++++++++- roles/ensure-docker/vars/fedora.yaml | 40 ++++++++- roles/ensure-docker/vars/redhat.yaml | 40 ++++++++- roles/ensure-docker/vars/ubuntu.yaml | 19 ----- zuul-tests.d/container-roles-jobs.yaml | 3 + 15 files changed, 188 insertions(+), 337 deletions(-) delete mode 100644 roles/ensure-docker/tasks/upstream-apt.yaml delete mode 120000 roles/ensure-docker/tasks/upstream-dnf.yaml delete mode 100644 roles/ensure-docker/tasks/upstream-package-installation.yaml delete mode 100644 roles/ensure-docker/tasks/upstream-yum.yaml delete mode 100644 roles/ensure-docker/tasks/upstream-zypper.yaml delete mode 100644 roles/ensure-docker/templates/docker-ce-centos.repo.j2 delete mode 100644 roles/ensure-docker/templates/docker-ce-fedora.repo.j2 delete mode 100644 roles/ensure-docker/templates/sources.list.j2 delete mode 100644 roles/ensure-docker/vars/ubuntu.yaml diff --git a/roles/ensure-docker/defaults/main.yaml b/roles/ensure-docker/defaults/main.yaml index be126ada7..a184ecc42 100644 --- a/roles/ensure-docker/defaults/main.yaml +++ b/roles/ensure-docker/defaults/main.yaml @@ -12,66 +12,3 @@ docker_upstream_distro_remove_packages: "{{ _docker_upstream_distro_remove_packa docker_update_channel: stable docker_download_fqdn: download.docker.com docker_mirror_base_url: "{{ _docker_mirror_base_url | default('') }}" -docker_gpg_key: | - -----BEGIN PGP PUBLIC KEY BLOCK----- - - mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth - lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh - 38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq - L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7 - UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N - cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht - ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo - vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD - G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ - XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj - q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB - tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 - BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO - v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd - tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk - jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m - 6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P - XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc - FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8 - g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm - ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh - 9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5 - G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW - FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB - EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF - M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx - Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu - w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk - z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8 - eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb - VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa - 1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X - zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ - pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7 - ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ - BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY - 1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp - YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI - mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES - KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7 - JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ - cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0 - 6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5 - U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z - VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f - irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk - SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz - QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W - 9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw - 24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe - dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y - Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR - H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh - /nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ - M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S - xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O - jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG - YT90qFF93M3v01BbxP+EIY2/9tiIPbrd - =0YYh - -----END PGP PUBLIC KEY BLOCK----- diff --git a/roles/ensure-docker/tasks/docker-upstream.yaml b/roles/ensure-docker/tasks/docker-upstream.yaml index 4ea73bb87..3e9f887b9 100644 --- a/roles/ensure-docker/tasks/docker-upstream.yaml +++ b/roles/ensure-docker/tasks/docker-upstream.yaml @@ -1,4 +1,8 @@ --- +- name: Not Implemented + fail: + msg: This set of tasks has not been implemented. + when: ansible_pkg_mgr == 'zypper' - name: Upstream block become: true @@ -7,7 +11,41 @@ include_role: name: use-docker-mirror - - name: Install docker-ce from upstream - include_tasks: "upstream-{{ ansible_pkg_mgr }}.yaml" + - name: Add all repositories + include_role: + name: ensure-package-repositories + vars: + repositories_keys: "{{ _docker_keys }}" + repositories_list: "{{ _docker_repos }}" + + - name: Install pre-reqs + package: + name: "{{ _docker_upstream_distro_required_packages }}" + state: present + + - name: Remove packages + package: + name: "{{ docker_upstream_distro_remove_packages }}" + state: absent + when: docker_upstream_distro_remove_packages + + # package/dnf module do not support `--nobest` option which is needed for + # installing docker-ce on centos-8 + - name: Install upstream docker using package + when: not (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '8') + package: + name: "{{ docker_upstream_distro_packages }}" + state: present + notify: Restart docker + + - name: Install upstream docker using shell + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '8' + shell: + cmd: | + dnf install --nobest -y {{ docker_upstream_distro_packages | join(' ') }} + warn: false + register: result + changed_when: "'Complete!' in result.stdout" + notify: Restart docker - include_tasks: docker-setup.yaml diff --git a/roles/ensure-docker/tasks/upstream-apt.yaml b/roles/ensure-docker/tasks/upstream-apt.yaml deleted file mode 100644 index 33625b576..000000000 --- a/roles/ensure-docker/tasks/upstream-apt.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- - -- name: Install pre-reqs - package: - name: "{{ _docker_upstream_distro_required_packages }}" - state: present - -- name: Add docker GPG key - apt_key: - data: "{{ docker_gpg_key }}" - -# TODO(mordred) We should add a proxy cache mirror for this -- name: Add docker apt repo - template: - dest: /etc/apt/sources.list.d/docker.list - group: root - mode: 0644 - owner: root - src: sources.list.j2 - -- include_tasks: upstream-package-installation.yaml diff --git a/roles/ensure-docker/tasks/upstream-dnf.yaml b/roles/ensure-docker/tasks/upstream-dnf.yaml deleted file mode 120000 index 9fa6ff24a..000000000 --- a/roles/ensure-docker/tasks/upstream-dnf.yaml +++ /dev/null @@ -1 +0,0 @@ -upstream-yum.yaml \ No newline at end of file diff --git a/roles/ensure-docker/tasks/upstream-package-installation.yaml b/roles/ensure-docker/tasks/upstream-package-installation.yaml deleted file mode 100644 index be645e2ac..000000000 --- a/roles/ensure-docker/tasks/upstream-package-installation.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Remove packages - package: - name: "{{ docker_upstream_distro_remove_packages }}" - state: absent - when: docker_upstream_distro_remove_packages - -# package/dnf module do not support `--nobest` option which is needed for -# installing docker-ce on centos-8 -- name: Install upstream docker using package - when: not (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '8') - package: - name: "{{ docker_upstream_distro_packages }}" - state: present - update_cache: yes - notify: Restart docker - -- name: Install upstream docker using shell - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '8' - shell: - cmd: | - dnf install --nobest -y {{ docker_upstream_distro_packages | join(' ') }} - warn: false - register: result - changed_when: "'Complete!' in result.stdout" - notify: Restart docker diff --git a/roles/ensure-docker/tasks/upstream-yum.yaml b/roles/ensure-docker/tasks/upstream-yum.yaml deleted file mode 100644 index 3ffc170f1..000000000 --- a/roles/ensure-docker/tasks/upstream-yum.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- - -- name: Install pre-reqs - package: - name: "{{ _docker_upstream_distro_required_packages }}" - state: present - -- name: Create tmp gpg key file - copy: - content: "{{ docker_gpg_key }}" - dest: /tmp/key.gpg - -- name: Import gpg key - rpm_key: - state: present - key: /tmp/key.gpg - -# TODO(mordred) We should add a proxy cache mirror for this -- name: Add docker repo - template: - dest: /etc/yum.repos.d/docker-ce.repo - group: root - mode: 0644 - owner: root - src: "{{ docker_repo_template }}" - -- include_tasks: upstream-package-installation.yaml diff --git a/roles/ensure-docker/tasks/upstream-zypper.yaml b/roles/ensure-docker/tasks/upstream-zypper.yaml deleted file mode 100644 index 71bf059d1..000000000 --- a/roles/ensure-docker/tasks/upstream-zypper.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- name: Not Implemented - fail: - msg: >- - This set of tasks has not been implemented. diff --git a/roles/ensure-docker/templates/docker-ce-centos.repo.j2 b/roles/ensure-docker/templates/docker-ce-centos.repo.j2 deleted file mode 100644 index 7fc8631e6..000000000 --- a/roles/ensure-docker/templates/docker-ce-centos.repo.j2 +++ /dev/null @@ -1,83 +0,0 @@ -[docker-ce-stable] -name=Docker CE Stable - $basearch -baseurl={{ docker_mirror_base_url }}/7/$basearch/stable -enabled=1 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-stable-debuginfo] -name=Docker CE Stable - Debuginfo $basearch -baseurl={{ docker_mirror_base_url }}/7/debug-$basearch/stable -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-stable-source] -name=Docker CE Stable - Sources -baseurl={{ docker_mirror_base_url }}/7/source/stable -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-edge] -name=Docker CE Edge - $basearch -baseurl={{ docker_mirror_base_url }}/7/$basearch/edge -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-edge-debuginfo] -name=Docker CE Edge - Debuginfo $basearch -baseurl={{ docker_mirror_base_url }}/7/debug-$basearch/edge -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-edge-source] -name=Docker CE Edge - Sources -baseurl={{ docker_mirror_base_url }}/7/source/edge -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-test] -name=Docker CE Test - $basearch -baseurl={{ docker_mirror_base_url }}/7/$basearch/test -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-test-debuginfo] -name=Docker CE Test - Debuginfo $basearch -baseurl={{ docker_mirror_base_url }}/7/debug-$basearch/test -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-test-source] -name=Docker CE Test - Sources -baseurl={{ docker_mirror_base_url }}/7/source/test -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-nightly] -name=Docker CE Nightly - $basearch -baseurl={{ docker_mirror_base_url }}/7/$basearch/nightly -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-nightly-debuginfo] -name=Docker CE Nightly - Debuginfo $basearch -baseurl={{ docker_mirror_base_url }}/7/debug-$basearch/nightly -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-nightly-source] -name=Docker CE Nightly - Sources -baseurl={{ docker_mirror_base_url }}/7/source/nightly -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg diff --git a/roles/ensure-docker/templates/docker-ce-fedora.repo.j2 b/roles/ensure-docker/templates/docker-ce-fedora.repo.j2 deleted file mode 100644 index 08123c9a8..000000000 --- a/roles/ensure-docker/templates/docker-ce-fedora.repo.j2 +++ /dev/null @@ -1,83 +0,0 @@ -[docker-ce-stable] -name=Docker CE Stable - $basearch -baseurl={{ docker_mirror_base_url }}/$releasever/$basearch/stable -enabled=1 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-stable-debuginfo] -name=Docker CE Stable - Debuginfo $basearch -baseurl={{ docker_mirror_base_url }}/$releasever/debug-$basearch/stable -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-stable-source] -name=Docker CE Stable - Sources -baseurl={{ docker_mirror_base_url }}/$releasever/source/stable -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-edge] -name=Docker CE Edge - $basearch -baseurl={{ docker_mirror_base_url }}/$releasever/$basearch/edge -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-edge-debuginfo] -name=Docker CE Edge - Debuginfo $basearch -baseurl={{ docker_mirror_base_url }}/$releasever/debug-$basearch/edge -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-edge-source] -name=Docker CE Edge - Sources -baseurl={{ docker_mirror_base_url }}/$releasever/source/edge -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-test] -name=Docker CE Test - $basearch -baseurl={{ docker_mirror_base_url }}/$releasever/$basearch/test -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-test-debuginfo] -name=Docker CE Test - Debuginfo $basearch -baseurl={{ docker_mirror_base_url }}/$releasever/debug-$basearch/test -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-test-source] -name=Docker CE Test - Sources -baseurl={{ docker_mirror_base_url }}/$releasever/source/test -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-nightly] -name=Docker CE Nightly - $basearch -baseurl={{ docker_mirror_base_url }}/$releasever/$basearch/nightly -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-nightly-debuginfo] -name=Docker CE Nightly - Debuginfo $basearch -baseurl={{ docker_mirror_base_url }}/$releasever/debug-$basearch/nightly -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg - -[docker-ce-nightly-source] -name=Docker CE Nightly - Sources -baseurl={{ docker_mirror_base_url }}/$releasever/source/nightly -enabled=0 -gpgcheck=1 -gpgkey={{ docker_mirror_base_url }}/gpg diff --git a/roles/ensure-docker/templates/sources.list.j2 b/roles/ensure-docker/templates/sources.list.j2 deleted file mode 100644 index a869c32bb..000000000 --- a/roles/ensure-docker/templates/sources.list.j2 +++ /dev/null @@ -1 +0,0 @@ -deb [arch=amd64] {{ docker_mirror_base_url }} {{ ansible_lsb.codename }} {{ docker_update_channel }} diff --git a/roles/ensure-docker/vars/debian.yaml b/roles/ensure-docker/vars/debian.yaml index 925774013..0d7b6a6ac 100644 --- a/roles/ensure-docker/vars/debian.yaml +++ b/roles/ensure-docker/vars/debian.yaml @@ -1,5 +1,73 @@ --- +_docker_keys: + - data: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth + lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh + 38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq + L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7 + UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N + cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht + ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo + vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD + G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ + XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj + q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB + tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 + BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO + v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd + tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk + jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m + 6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P + XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc + FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8 + g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm + ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh + 9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5 + G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW + FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB + EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF + M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx + Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu + w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk + z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8 + eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb + VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa + 1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X + zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ + pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7 + ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ + BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY + 1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp + YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI + mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES + KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7 + JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ + cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0 + 6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5 + U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z + VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f + irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk + SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz + QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W + 9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw + 24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe + dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y + Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR + H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh + /nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ + M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S + xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O + jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG + YT90qFF93M3v01BbxP+EIY2/9tiIPbrd + =0YYh + -----END PGP PUBLIC KEY BLOCK----- + +_docker_repos: + - repo: "deb [arch=amd64] {{ docker_mirror_base_url }} {{ ansible_lsb.codename }} {{ docker_update_channel }}" + _docker_distro_packages: - docker.io @@ -19,4 +87,4 @@ _docker_upstream_distro_remove_packages: docker_distro_vars_loaded: true -_docker_mirror_base_url: "https://{{ docker_download_fqdn }}/linux/debian" +_docker_mirror_base_url: "https://{{ docker_download_fqdn }}/linux/{{ ansible_lsb.id | lower }}" diff --git a/roles/ensure-docker/vars/fedora.yaml b/roles/ensure-docker/vars/fedora.yaml index a6c9a9fd7..35a369f8f 100644 --- a/roles/ensure-docker/vars/fedora.yaml +++ b/roles/ensure-docker/vars/fedora.yaml @@ -1,5 +1,43 @@ --- +_docker_keys: + - data: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ + 1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP + w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7 + gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh + KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50 + uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ + WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO + +VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN + spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM + +q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0 + rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB + tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 + BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti + Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG + VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l + TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC + /LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3 + ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ + XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao + xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra + IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL + GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi + g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW + 5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ + =0Zqq + -----END PGP PUBLIC KEY BLOCK----- + +_docker_repos: + # TODO(mordred) We should add a proxy cache mirror for this + - name: docker-ce-stable + description: Docker CE Stable - $basearch + baseurl: "{{ docker_mirror_base_url }}/$releasever/$basearch/stable" + gpgcheck: yes + _docker_distro_packages: - docker @@ -14,8 +52,6 @@ _docker_upstream_distro_packages: _docker_upstream_distro_remove_packages: - docker -docker_repo_template: docker-ce-fedora.repo.j2 - docker_distro_vars_loaded: true _docker_mirror_base_url: "https://{{ docker_download_fqdn }}/linux/fedora" diff --git a/roles/ensure-docker/vars/redhat.yaml b/roles/ensure-docker/vars/redhat.yaml index d79659139..9c1547568 100644 --- a/roles/ensure-docker/vars/redhat.yaml +++ b/roles/ensure-docker/vars/redhat.yaml @@ -1,5 +1,43 @@ --- +_docker_keys: + - data: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ + 1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP + w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7 + gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh + KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50 + uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ + WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO + +VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN + spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM + +q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0 + rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB + tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 + BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti + Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG + VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l + TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC + /LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3 + ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ + XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao + xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra + IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL + GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi + g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW + 5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ + =0Zqq + -----END PGP PUBLIC KEY BLOCK----- + +_docker_repos: + # TODO(mordred) We should add a proxy cache mirror for this + - name: docker-ce-stable + description: Docker CE Stable - $basearch + baseurl: "{{ docker_mirror_base_url }}/7/$basearch/stable" + gpgcheck: yes + _docker_distro_packages: - docker @@ -13,8 +51,6 @@ _docker_upstream_distro_packages: - docker-ce-cli - containerd.io -docker_repo_template: docker-ce-centos.repo.j2 - docker_distro_vars_loaded: true _docker_mirror_base_url: "https://{{ docker_download_fqdn }}/linux/centos" diff --git a/roles/ensure-docker/vars/ubuntu.yaml b/roles/ensure-docker/vars/ubuntu.yaml deleted file mode 100644 index 111c80bb9..000000000 --- a/roles/ensure-docker/vars/ubuntu.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -_docker_distro_packages: - - docker.io - -_docker_upstream_distro_required_packages: - - apt-transport-https - - ca-certificates - - curl - - software-properties-common - -_docker_upstream_distro_packages: - - docker-ce - - docker-ce-cli - - containerd.io - -docker_distro_vars_loaded: true - -_docker_mirror_base_url: "https://{{ docker_download_fqdn }}/linux/ubuntu" diff --git a/zuul-tests.d/container-roles-jobs.yaml b/zuul-tests.d/container-roles-jobs.yaml index 27b2c1c90..898d1ae91 100644 --- a/zuul-tests.d/container-roles-jobs.yaml +++ b/zuul-tests.d/container-roles-jobs.yaml @@ -4,6 +4,7 @@ abstract: true files: - roles/ensure-docker/.* + - roles/ensure-package-repositories/.* - test-requirements.txt run: test-playbooks/ensure-docker.yaml @@ -73,6 +74,7 @@ - roles/pull-from-intermediate-registry/.* - roles/push-to-intermediate-registry/.* - roles/ensure-docker/.* + - roles/ensure-package-repositories/.* - roles/build-docker-image/.* - roles/run-buildset-registry/.* - roles/use-buildset-registry/.* @@ -215,6 +217,7 @@ - roles/push-to-intermediate-registry/.* - roles/ensure-docker/.* - roles/ensure-openshift/.* + - roles/ensure-package-repositories/.* - roles/build-docker-image/.* - roles/run-buildset-registry/.* - roles/use-buildset-registry/.*