kubespray/roles/container-engine/containerd/tasks/main.yml


---
# Statically import facts.yml ahead of every other task in this file; the
# tasks it pulls in inherit the `facts` tag set here.
- import_tasks: facts.yml
  tags: [facts]
# Fail the host when its distribution is not on the allow-list below.
# Both Flatcar spellings of the distribution fact are accepted.
- name: Fail containerd setup if distribution is not supported
  fail:
    msg: "{{ ansible_distribution }} is not supported by containerd."
  when: >-
    ansible_distribution not in
    ["CentOS", "OracleLinux", "RedHat", "Ubuntu", "Debian", "Fedora",
    "AlmaLinux", "Rocky", "Amazon", "Flatcar",
    "Flatcar Container Linux by Kinvolk"]
# Fedora 31+ only: add systemd.unified_cgroup_hierarchy=0 to the command line
# of every installed kernel (grubby --update-kernel=ALL), then reboot the host.
# Both tasks share one guard: they are skipped on ostree hosts and when the
# gathered /proc/cmdline fact already carries the argument with value '0'.
# NOTE(review): the reboot fires as soon as the guard matches; confirm the
# node has been cordoned/drained by whatever runs this role.
- block:
    - name: disable unified_cgroup_hierarchy in Fedora 31+
      command: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"

    - name: reboot in Fedora 31+
      reboot:
  when:
    - ansible_distribution == "Fedora"
    - (ansible_distribution_major_version | int) >= 31
    - >-
      ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined
      or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
    - not is_ostree
# Uninstall whatever package `containerd_package` names, so the distro package
# does not sit next to the binaries this role unpacks. Not attempted on ostree
# hosts or on Flatcar (either spelling of the distribution fact).
- name: containerd | Remove any package manager controlled containerd package
  package:
    state: absent
    name: "{{ containerd_package }}"
  when:
    - not is_ostree
    - ansible_distribution not in ["Flatcar Container Linux by Kinvolk", "Flatcar"]
# RedHat family: delete containerd.repo from the yum repository directory.
# The apt counterpart that follows carries the same task name.
- name: containerd | Remove containerd repository
  file:
    state: absent
    path: "{{ yum_repo_dir }}/containerd.repo"
  when: ansible_os_family == 'RedHat'
# apt hosts: remove every repository entry listed in
# containerd_repo_info.repos. with_items is kept (rather than loop) because
# it flattens one level of nesting in the templated list.
- name: containerd | Remove containerd repository
  when: ansible_pkg_mgr == 'apt'
  apt_repository:
    state: absent
    repo: "{{ item }}"
  with_items: "{{ containerd_repo_info.repos }}"
# Fetch containerd through the download role's download_file.yml, passing it
# the role-wide download defaults overlaid with the containerd entry.
# NOTE(review): nothing in this file verifies the artifact; integrity depends
# on checksum handling inside download_file.yml - confirm that
# downloads.containerd carries a checksum and that it is enforced there.
- name: containerd | Download containerd
  vars:
    download: "{{ download_defaults | combine(downloads.containerd) }}"
  include_tasks: "../../../download/tasks/download_file.yml"
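# Extract the downloaded archive into the containerd binary directory and
# schedule a restart of the service.
# The extracted files become the host's container runtime binaries, so the
# archive has to come from a verified download.
# TODO(review): confirm a checksum is enforced before this task runs.
- name: containerd | Unpack containerd archive
  unarchive:
    src: "{{ downloads.containerd.dest }}"
    dest: "{{ containerd_bin_dir }}"
    # Quoted so the module receives an octal string rather than a YAML integer.
    mode: "0755"
    # The archive is already on the managed host, not on the controller.
    remote_src: true
    extra_opts:
      # Drop the archive's top-level directory while extracting.
      - --strip-components=1
  notify: restart containerd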
# When containerd is installed somewhere other than /usr/bin, delete the
# listed binaries from /usr/bin. Presumably this keeps a stale copy on PATH
# from being run instead of the managed one - verify against the service unit.
# Errors are ignored on purpose: this is best-effort cleanup.
- name: containerd | Remove orphaned binary
  when: containerd_bin_dir != "/usr/bin"
  file:
    state: absent
    path: "/usr/bin/{{ item }}"
  loop:
    - containerd
    - containerd-shim
    - containerd-shim-runc-v1
    - containerd-shim-runc-v2
    - ctr
  ignore_errors: true  # noqa ignore-errors
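# Render the containerd systemd unit from the role template and schedule a
# restart when it changes.
- name: containerd | Generate systemd service for containerd
  template:
    src: containerd.service.j2
    dest: /etc/systemd/system/containerd.service
    # Quoted so the module receives an octal string rather than a YAML integer.
    mode: "0644"
  notify: restart containerd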
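# Create the systemd drop-in, config, storage and state directories, owned by
# root:root with mode 0755.
# NOTE(review): 0755 leaves the storage and state directories world-listable;
# confirm that is intended for containerd_storage_dir / containerd_state_dir.
- name: containerd | Ensure containerd directories exist
  file:
    # `path` is the canonical name of the option the original spelled `dest`.
    path: "{{ item }}"
    state: directory
    # Quoted so the module receives an octal string rather than a YAML integer.
    mode: "0755"
    owner: root
    group: root
  with_items:
    - "{{ containerd_systemd_dir }}"
    - "{{ containerd_cfg_dir }}"
    - "{{ containerd_storage_dir }}"
    - "{{ containerd_state_dir }}"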
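# Write the systemd proxy drop-in for containerd, only when an HTTP or HTTPS
# proxy variable is defined, and schedule a restart when it changes.
# NOTE(review): the file is world-readable (0644). If the proxy URL can embed
# credentials, they would be readable by every local user - confirm what
# http-proxy.conf.j2 renders and tighten the mode if so.
- name: containerd | Write containerd proxy drop-in
  template:
    src: http-proxy.conf.j2
    dest: "{{ containerd_systemd_dir }}/http-proxy.conf"
    # Quoted so the module receives an octal string rather than a YAML integer.
    mode: "0644"
  notify: restart containerd
  when: http_proxy is defined or https_proxy is defined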
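# Render config.toml into the containerd config directory, owned by root and
# not readable by "other" (0640), and schedule a restart when it changes.
# NOTE(review): `group` is not set, so the group-read bit applies to whatever
# group the file ends up with. If config.toml.j2 can render registry
# credentials, confirm that group is as restricted as intended.
- name: containerd | Copy containerd config file
  template:
    src: config.toml.j2
    dest: "{{ containerd_cfg_dir }}/config.toml"
    owner: root
    # Quoted so the module receives an octal string rather than a YAML integer.
    mode: "0640"
  notify: restart containerd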
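# Run any pending `restart containerd` notifications now instead of at the
# end of the play.
- name: containerd | Flush handlers
  meta: flush_handlers

# A host can end up with everything installed but containerd neither started
# nor enabled; this task closes that gap regardless of whether a handler ran.
- name: containerd | Ensure containerd is started and enabled
  service:
    name: containerd
    # Canonical boolean instead of the YAML 1.1 `yes`.
    enabled: true
    state: started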