--- - name: Fail containerd setup if distribution is not supported fail: msg: "{{ ansible_distribution }} is not supported by containerd." when: - ansible_distribution not in ["CentOS", "OracleLinux", "RedHat", "Ubuntu", "Debian", "Fedora", "AlmaLinux", "Rocky", "Amazon", "Flatcar", "Flatcar Container Linux by Kinvolk", "Suse", "openSUSE Leap", "openSUSE Tumbleweed", "Kylin Linux Advanced Server", "UnionTech", "openEuler"] - name: containerd | Remove any package manager controlled containerd package package: name: "{{ containerd_package }}" state: absent when: - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar")) - name: containerd | Remove containerd repository file: path: "{{ yum_repo_dir }}/containerd.repo" state: absent when: - ansible_os_family in ['RedHat'] - name: containerd | Remove containerd repository apt_repository: repo: "{{ item }}" state: absent with_items: "{{ containerd_repo_info.repos }}" when: ansible_pkg_mgr == 'apt' - name: containerd | Download containerd include_tasks: "../../../download/tasks/download_file.yml" vars: download: "{{ download_defaults | combine(downloads.containerd) }}" - name: containerd | Unpack containerd archive unarchive: src: "{{ downloads.containerd.dest }}" dest: "{{ containerd_bin_dir }}" mode: 0755 remote_src: yes extra_opts: - --strip-components=1 notify: restart containerd - name: containerd | Remove orphaned binary file: path: "/usr/bin/{{ item }}" state: absent when: - containerd_bin_dir != "/usr/bin" - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar")) ignore_errors: true # noqa ignore-errors with_items: - containerd - containerd-shim - containerd-shim-runc-v1 - containerd-shim-runc-v2 - ctr - name: containerd | Generate systemd service for containerd template: src: containerd.service.j2 dest: /etc/systemd/system/containerd.service mode: 0644 notify: restart containerd - name: containerd | Ensure containerd directories exist file: dest: "{{ item }}" state: directory mode: 0755 owner: root group: root with_items: - "{{ containerd_systemd_dir }}" - "{{ containerd_cfg_dir }}" - "{{ containerd_storage_dir }}" - "{{ containerd_state_dir }}" - name: containerd | Write containerd proxy drop-in template: src: http-proxy.conf.j2 dest: "{{ containerd_systemd_dir }}/http-proxy.conf" mode: 0644 notify: restart containerd when: http_proxy is defined or https_proxy is defined - name: containerd | Generate default base_runtime_spec register: ctr_oci_spec command: "{{ containerd_bin_dir }}/ctr oci spec" check_mode: false changed_when: false - name: containerd | Store generated default base_runtime_spec set_fact: containerd_default_base_runtime_spec: "{{ ctr_oci_spec.stdout | from_json }}" - name: containerd | Write base_runtime_specs copy: content: "{{ item.value }}" dest: "{{ containerd_cfg_dir }}/{{ item.key }}" owner: "root" mode: 0644 with_dict: "{{ containerd_base_runtime_specs | default({}) }}" notify: restart containerd - name: containerd | Copy containerd config file template: src: config.toml.j2 dest: "{{ containerd_cfg_dir }}/config.toml" owner: "root" mode: 0640 notify: restart containerd - block: - name: containerd | Create registry directories file: path: "{{ containerd_cfg_dir }}/certs.d/{{ item.key }}" state: directory mode: 0755 recurse: true with_dict: "{{ containerd_insecure_registries }}" - name: containerd | Write hosts.toml file blockinfile: path: "{{ containerd_cfg_dir }}/certs.d/{{ item.key }}/hosts.toml" mode: 0640 create: true block: | server = "{{ item.value }}" [host."{{ item.value }}"] capabilities = ["pull", "resolve", "push"] skip_verify = true with_dict: "{{ containerd_insecure_registries }}" when: containerd_use_config_path is defined and containerd_use_config_path|bool and containerd_insecure_registries is defined # you can sometimes end up in a state where everything is installed # but containerd was not started / enabled - name: containerd | Flush handlers meta: flush_handlers - name: containerd | Ensure containerd is started and enabled systemd: name: containerd daemon_reload: yes enabled: yes state: started