- name: Include OS-specific variables include_vars: "{{ zj_distro_os }}" with_first_found: - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml" - "{{ ansible_distribution }}.{{ ansible_architecture }}.yaml" - "{{ ansible_distribution }}.yaml" - "{{ ansible_os_family }}.yaml" - "default.yaml" loop_control: loop_var: zj_distro_os # Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag # so we set up /etc/hosts with a registry alias name to support ipv6 and 4. - name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses become: yes lineinfile: path: /etc/hosts state: present regex: "^{{ buildset_registry.host }}\tzuul-jobs.buildset-registry$" line: "{{ buildset_registry.host }}\tzuul-jobs.buildset-registry" insertafter: EOF when: buildset_registry.host | ipaddr - name: Set buildset_registry alias variable when using ip set_fact: buildset_registry_alias: zuul-jobs.buildset-registry when: buildset_registry.host | ipaddr - name: Set buildset_registry alias variable when using name set_fact: buildset_registry_alias: "{{ buildset_registry.host }}" when: not ( buildset_registry.host | ipaddr ) - name: Ensure docker directory exists become: yes file: state: directory path: /etc/docker mode: 0755 - name: Write buildset registry TLS certificate become: true copy: content: "{{ buildset_registry.cert }}" dest: "{{ ca_dir }}/{{ buildset_registry_alias }}.crt" mode: 0644 register: _tls_ca - name: Update CA certs # noqa: no-handler command: "{{ ca_command }}" become: true when: _tls_ca is changed # Update daemon config - name: Check if docker daemon configuration exists stat: path: /etc/docker/daemon.json register: docker_config_stat - name: Load docker daemon configuration when: docker_config_stat.stat.exists slurp: path: /etc/docker/daemon.json register: docker_config - name: Parse docker daemon configuration when: docker_config_stat.stat.exists set_fact: docker_config: "{{ docker_config.content | b64decode | from_json }}" - name: Set default docker daemon configuration when: not docker_config_stat.stat.exists set_fact: docker_config: registry-mirrors: [] - name: Add registry to docker daemon configuration vars: new_config: registry-mirrors: "['https://{{ buildset_registry_alias }}:{{ buildset_registry.port }}/']" set_fact: docker_config: "{{ docker_config | combine(new_config) }}" - name: Save docker daemon configuration copy: content: "{{ docker_config | to_nice_json }}" dest: /etc/docker/daemon.json mode: 0644 become: true - name: Restart docker daemon service: name: docker state: restarted become: true register: docker_restart failed_when: docker_restart is failed and not 'Could not find the requested service' in docker_restart.msg - name: Ensure containers directory exists become: yes file: state: directory path: /etc/containers mode: 0755 - name: Modify registries.conf become: yes modify_registries_conf: path: /etc/containers/registries.conf buildset_registry: "{{ buildset_registry }}" buildset_registry_alias: "{{ buildset_registry_alias }}" namespaces: "{{ buildset_registry_namespaces }}" - name: Ensure buildkit directory exists become: yes file: state: directory path: /etc/buildkit/ mode: 0755 - name: Modify buildkitd.toml become: yes modify_buildkitd_toml: path: /etc/buildkit/buildkitd.toml buildset_registry: "{{ buildset_registry }}" buildset_registry_alias: "{{ buildset_registry_alias }}" namespaces: "{{ buildset_registry_namespaces }}" # We use 'block' here to cause the become to apply to all the tasks # (which does not automatically happen with include_tasks). - name: Update docker user config to use buildset registry become: true become_user: "{{ buildset_registry_docker_user }}" when: buildset_registry_docker_user is defined block: - include_tasks: user-config.yaml - name: Update docker user config to use buildset registry when: buildset_registry_docker_user is not defined block: - include_tasks: user-config.yaml - name: Check if cri-o is installed stat: path: /etc/crio/crio.conf register: crio_path # TODO: with cri-o >= 1.16, change this to a SIGHUP of the crio process - name: Restart cri-o when: crio_path.stat.exists service: name: crio state: restarted become: true - name: Wait for kubernetes connection to come back command: timeout 10s kubectl get pods when: kubelet_config.stat.exists or crio_path.stat.exists register: _api_ready until: _api_ready.rc == 0 retries: 6 delay: 10