83bfd5b917
* This adds some extra options to the ensure-kubernetes role:
* podman + cri-o can now be used for testing
* This mode seems to be slightly more supported than the
current profiles.
* The location for minikube install can be moved.
* The use-buildset-registry role needed slight updates in order
to populate the kubernetes registry config early.
Change-Id: Ia578f1e00432eec5d81304f70db649e420786a02
70 lines
2.2 KiB
YAML
70 lines
2.2 KiB
YAML
- name: Include OS-specific variables
|
|
include_vars: "{{ zj_distro_os }}"
|
|
with_first_found:
|
|
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
|
|
- "{{ ansible_distribution }}.{{ ansible_architecture }}.yaml"
|
|
- "{{ ansible_distribution }}.yaml"
|
|
- "{{ ansible_os_family }}.yaml"
|
|
- "default.yaml"
|
|
loop_control:
|
|
loop_var: zj_distro_os
|
|
|
|
# Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag
|
|
# so we set up /etc/hosts with a registry alias name to support ipv6 and 4.
|
|
- name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses
|
|
become: yes
|
|
lineinfile:
|
|
path: /etc/hosts
|
|
state: present
|
|
regex: "^{{ buildset_registry.host }}\tzuul-jobs.buildset-registry$"
|
|
line: "{{ buildset_registry.host }}\tzuul-jobs.buildset-registry"
|
|
insertafter: EOF
|
|
when: buildset_registry.host | ipaddr
|
|
|
|
- name: Set buildset_registry alias variable when using ip
|
|
set_fact:
|
|
buildset_registry_alias: zuul-jobs.buildset-registry
|
|
when: buildset_registry.host | ipaddr
|
|
|
|
- name: Set buildset_registry alias variable when using name
|
|
set_fact:
|
|
buildset_registry_alias: "{{ buildset_registry.host }}"
|
|
when: not ( buildset_registry.host | ipaddr )
|
|
|
|
- name: Ensure containers directory exists
|
|
become: yes
|
|
file:
|
|
state: directory
|
|
path: /etc/containers
|
|
mode: 0755
|
|
|
|
- name: Modify registries.conf
|
|
become: yes
|
|
modify_registries_conf:
|
|
path: /etc/containers/registries.conf
|
|
buildset_registry: "{{ buildset_registry }}"
|
|
buildset_registry_alias: "{{ buildset_registry_alias }}"
|
|
namespaces: "{{ buildset_registry_namespaces }}"
|
|
no_log: true
|
|
|
|
- name: Set up unqualified registries
|
|
become: yes
|
|
ini_file:
|
|
path: /etc/containers/registries.conf
|
|
option: unqualified-search-registries
|
|
value: "{{ buildset_registry_unqualified_registries }}"
|
|
state: present
|
|
|
|
- name: Write buildset registry TLS certificate
|
|
become: true
|
|
copy:
|
|
content: "{{ buildset_registry.cert }}"
|
|
dest: "{{ ca_dir }}/{{ buildset_registry_alias }}.crt"
|
|
mode: 0644
|
|
register: _tls_ca
|
|
|
|
- name: Update CA certs # noqa: no-handler
|
|
command: "{{ ca_command }}"
|
|
become: true
|
|
when: _tls_ca is changed
|