Ian Wienand 65aa2bdc1f use-buildset-registry: support microk8s
This enables microk8s/containerd to pull through the intermediate zuul
registry.  This is tested with the new
zuul-jobs-test-registry-buildset-registry-k8s-microk8s job.

Change-Id: I5a6c0d63a6ba0acf94ab9f0ef94777fab58fec6e
2023-01-09 10:37:45 -08:00

175 lines
5.4 KiB
YAML

- name: Include OS-specific variables
include_vars: "{{ zj_distro_os }}"
with_first_found:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
- "{{ ansible_distribution }}.{{ ansible_architecture }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
loop_control:
loop_var: zj_distro_os
# Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag
# so we set up /etc/hosts with a registry alias name to support ipv6 and 4.
- name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses
become: yes
lineinfile:
path: /etc/hosts
state: present
regex: "^{{ buildset_registry.host }}\tzuul-jobs.buildset-registry$"
line: "{{ buildset_registry.host }}\tzuul-jobs.buildset-registry"
insertafter: EOF
when: buildset_registry.host | ipaddr
- name: Set buildset_registry alias variable when using ip
set_fact:
buildset_registry_alias: zuul-jobs.buildset-registry
when: buildset_registry.host | ipaddr
- name: Set buildset_registry alias variable when using name
set_fact:
buildset_registry_alias: "{{ buildset_registry.host }}"
when: not ( buildset_registry.host | ipaddr )
- name: Ensure docker directory exists
become: yes
file:
state: directory
path: /etc/docker
mode: 0755
- name: Write buildset registry TLS certificate
become: true
copy:
content: "{{ buildset_registry.cert }}"
dest: "{{ ca_dir }}/{{ buildset_registry_alias }}.crt"
mode: 0644
register: _tls_ca
- name: Update CA certs # noqa: no-handler
command: "{{ ca_command }}"
become: true
when: _tls_ca is changed
# Update daemon config
- name: Check if docker daemon configuration exists
stat:
path: /etc/docker/daemon.json
register: docker_config_stat
- name: Load docker daemon configuration
when: docker_config_stat.stat.exists
slurp:
path: /etc/docker/daemon.json
register: docker_config
- name: Parse docker daemon configuration
when: docker_config_stat.stat.exists
set_fact:
docker_config: "{{ docker_config.content | b64decode | from_json }}"
- name: Set default docker daemon configuration
when: not docker_config_stat.stat.exists
set_fact:
docker_config:
registry-mirrors: []
- name: Add registry to docker daemon configuration
vars:
new_config:
registry-mirrors: "['https://{{ buildset_registry_alias }}:{{ buildset_registry.port }}/']"
set_fact:
docker_config: "{{ docker_config | combine(new_config) }}"
- name: Save docker daemon configuration
copy:
content: "{{ docker_config | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: 0644
become: true
- name: Restart docker daemon
service:
name: docker
state: restarted
become: true
register: docker_restart
failed_when: docker_restart is failed and not 'Could not find the requested service' in docker_restart.msg
- name: Ensure containers directory exists
become: yes
file:
state: directory
path: /etc/containers
mode: 0755
- name: Modify registries.conf
become: yes
modify_registries_conf:
path: /etc/containers/registries.conf
buildset_registry: "{{ buildset_registry }}"
buildset_registry_alias: "{{ buildset_registry_alias }}"
namespaces: "{{ buildset_registry_namespaces }}"
no_log: true
- name: Ensure buildkit directory exists
become: yes
file:
state: directory
path: /etc/buildkit/
mode: 0755
- name: Modify buildkitd.toml
become: yes
modify_buildkitd_toml:
path: /etc/buildkit/buildkitd.toml
buildset_registry: "{{ buildset_registry }}"
buildset_registry_alias: "{{ buildset_registry_alias }}"
namespaces: "{{ buildset_registry_namespaces }}"
no_log: true
# We use 'block' here to cause the become to apply to all the tasks
# (which does not automatically happen with include_tasks).
- name: Update docker user config to use buildset registry
become: true
become_user: "{{ buildset_registry_docker_user }}"
when: buildset_registry_docker_user is defined
block:
- name: Include user config
include_tasks: user-config.yaml
- name: Update docker user config to use buildset registry
when: buildset_registry_docker_user is not defined
block:
- name: Include user config
include_tasks: user-config.yaml
- name: Check if cri-o is installed
stat:
path: /etc/crio/crio.conf
register: crio_path
# TODO: with cri-o >= 1.16, change this to a SIGHUP of the crio process
- name: Restart cri-o
when: crio_path.stat.exists
service:
name: crio
state: restarted
become: true
# microk8s (containerd) setup
- name: Check for microk8s
stat:
path: '/var/snap/microk8s'
register: _microk8s
- name: Setup microk8s mirrors
when: _microk8s.stat.exists
become: yes
block:
- name: Setup mirrors
include_tasks: microk8s-mirror.yaml
loop: '{{ buildset_registry_namespaces }}'
loop_control:
loop_var: zj_uk8s_mirror
# NOTE(ianw) 2022-12-13 : I don't think this is strictly necessary
# when updating mirror configs. It also shouldn't hurt, so leave
# it for now.
- name: Restart microk8s
command: snap restart microk8s
- name: Wait for kubernetes connection to come back
command: timeout 10s kubectl get pods
when: kubelet_config.stat.exists or crio_path.stat.exists or _microk8s.stat.exists
register: _api_ready
until: _api_ready.rc == 0
retries: 6
delay: 10