bdae8c9433
If you need to run native arm64 builds, you can take advantage of this change which will rely on the remote builders in order to build things natively giving a significant speed up in container build time. Change-Id: I962bb2357a2c458d5e72b334b4fe36b55b034864
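# Registers qemu-user-static binfmt_misc handlers so an x86_64 node can run
# foreign-architecture binaries during multi-arch container builds.
# NOTE(review): this starts a --privileged container from an image referenced
# by a mutable tag (implicitly "latest"), so whatever the registry serves at
# run time executes with full privileges on the node. Consider pinning the
# image by digest, e.g. multiarch/qemu-user-static@sha256:<PINNED_DIGEST>,
# and bumping that digest through review.
- name: Update qemu-static container settings
  command: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
  environment:
    DOCKER_CLI_EXPERIMENTAL: enabled
  when: ansible_architecture == 'x86_64'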
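# Only the first play host creates the buildx builder; every other node is
# appended to it further down as a remote node reached over SSH.
# NOTE(review): --driver-opt network=host places the BuildKit container in
# the node's network namespace, so build steps are not network-isolated from
# the node. Presumably needed to reach the buildset registry; confirm.
- name: Create builder
  command: "docker buildx create --name mybuilder --node {{ inventory_hostname | replace('-', '_') }} --driver-opt network=host{% if buildset_registry is defined %} --config /etc/buildkit/buildkitd.toml {% endif %}"
  environment:
    DOCKER_CLI_EXPERIMENTAL: enabled
  when: inventory_hostname == ansible_play_hosts[0]

# Runs on the first play host (delegate_to), once for each other node.
# NOTE(review): ssh-keyscan output is not authenticated. Whatever answers on
# ansible_host at scan time becomes the trusted key for the ssh:// builder
# connection below, and ">>" appends a fresh entry on every run. If the
# inventory already carries verified host keys (presumably the case for
# nodepool-provided nodes; confirm), write those with the known_hosts module
# instead of scanning.
# The host value is passed through the quote filter because this line is
# evaluated by a shell.
- name: Add host key to known_hosts
  shell: "ssh-keyscan -H {{ ansible_host | quote }} >> ~/.ssh/known_hosts"
  when: inventory_hostname != ansible_play_hosts[0]
  delegate_to: "{{ ansible_play_hosts[0] }}"

# Adds each remaining node to the builder through an ssh:// endpoint, so the
# first play host drives the Docker daemon on that node as ansible_user.
- name: Append builders from other nodes
  command: "docker buildx create --append --name mybuilder --node {{ inventory_hostname | replace('-', '_') }} --driver-opt network=host{% if buildset_registry is defined %} --config /etc/buildkit/buildkitd.toml {% endif %} ssh://{{ ansible_user }}@{{ ansible_host }}"
  environment:
    DOCKER_CLI_EXPERIMENTAL: enabled
  when: inventory_hostname != ansible_play_hosts[0]
  delegate_to: "{{ ansible_play_hosts[0] }}"

# Selects the builder on the first play host.
- name: Use builder
  command: docker buildx use mybuilder
  environment:
    DOCKER_CLI_EXPERIMENTAL: enabled
  when: inventory_hostname == ansible_play_hosts[0]

# Starts the builder nodes now, so the tasks that follow can address the
# buildx_buildkit_* worker containers.
- name: Bootstrap builder
  command: docker buildx inspect --bootstrap
  environment:
    DOCKER_CLI_EXPERIMENTAL: enabled
  when: inventory_hostname == ansible_play_hosts[0]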
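# The scratch file is only needed when a buildset registry certificate is
# supplied, so it is created under the same condition as the task that
# removes it. Created unconditionally, it would be left behind on every run
# without a registry certificate.
- name: Make tempfile for registry TLS certificate
  tempfile:
    state: file
  register: buildkit_cert_tmp
  when: buildset_registry is defined and buildset_registry.cert

- name: Write buildset registry TLS certificate
  become: true
  copy:
    content: "{{ buildset_registry.cert }}"
    dest: "{{ buildkit_cert_tmp.path }}"
    mode: preserve
  when: buildset_registry is defined and buildset_registry.cert

# NOTE(review): the next two tasks add buildset_registry.cert to the worker
# container's system trust store. The builder will then accept any server
# certificate that chains to it, not only the buildset registry's, so the
# variable must come from a trusted source.
- name: Copy buildset registry TLS cert into worker container
  command: "docker cp {{ buildkit_cert_tmp.path }} buildx_buildkit_{{ inventory_hostname | replace('-', '_') }}:/usr/local/share/ca-certificates"
  when: buildset_registry is defined and buildset_registry.cert

- name: Update CA certs in worker container
  command: "docker exec buildx_buildkit_{{ inventory_hostname | replace('-', '_') }} update-ca-certificates"
  when: buildset_registry is defined and buildset_registry.cert

- name: Remove TLS cert tempfile
  file:
    state: absent
    path: '{{ buildkit_cert_tmp.path }}'
  when: buildset_registry is defined and buildset_registry.cert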
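# The worker container's /etc/hosts is copied out, edited on the node and
# copied back, using a scratch file that is removed at the end.
- name: Make tempfile for /etc/hosts
  tempfile:
    state: file
  register: etc_hosts_tmp

- name: Copy /etc/hosts for editing
  command: "docker cp buildx_buildkit_{{ inventory_hostname | replace('-', '_') }}:/etc/hosts {{ etc_hosts_tmp.path }}"

# Docker buildx has its own /etc/hosts in the builder image.
# The address is passed through regex_escape and the dot in the hostname is
# escaped, so the pattern matches only the exact line being managed.
- name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses
  become: true
  lineinfile:
    path: '{{ etc_hosts_tmp.path }}'
    state: present
    regex: "^{{ buildset_registry.host | regex_escape }}\tzuul-jobs\\.buildset-registry$"
    line: "{{ buildset_registry.host }}\tzuul-jobs.buildset-registry"
    insertafter: EOF
  when: buildset_registry is defined and buildset_registry.host | ipaddr

# NOTE(review): umount inside the container presumably only succeeds because
# the worker container runs with elevated privileges; confirm, and keep that
# in mind when deciding what is allowed to build on it.
- name: Unmount the /etc/hosts mount
  command: "docker exec buildx_buildkit_{{ inventory_hostname | replace('-', '_') }} umount /etc/hosts"

# NOTE(mordred) This is done in two steps. Even though we've unmounted /etc/hosts
# in the previous step, when we try to copy the file back directly, we get:
#   unlinkat /etc/hosts: device or resource busy
- name: Copy modified hosts file back in
  command: "docker cp {{ etc_hosts_tmp.path }} buildx_buildkit_{{ inventory_hostname | replace('-', '_') }}:/etc/new-hosts"

- name: Copy modified hosts file into place
  command: "docker exec buildx_buildkit_{{ inventory_hostname | replace('-', '_') }} cp /etc/new-hosts /etc/hosts"

- name: Remove tempfile for /etc/hosts
  file:
    state: absent
    path: '{{ etc_hosts_tmp.path }}'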