zuul/zuul-jobs
Code Issues Proposed changes
zuul-jobs/roles/use-buildset-registry/tasks/main.yaml
Jan Gutter e637029091
Fix k8s-crio buildset registry test 
* It looks like zuul-jobs-test-registry-buildset-registry-k8s-crio
  is busted with Ubuntu Jammy + cri-o installed from kubic, with
  errors like https://github.com/cri-o/ocicni/issues/77
  (also, kubic has been wound down and cri-o has been spun off)
* cri-o in Noble uninstalls docker-ce, in a follow-up we should
  clean that up and switch to a pure podman profile
* This minikube configuration is not supported, but it seems that
  upstream cri-o might have made some fixes that makes it work

* Update the job to use Ubuntu Noble instead of Jammy
* Update ensure-podman for Ubuntu Noble
  (podman is now part of the Ubuntu distro)
* Update the cri-o install in ensure-minikube for Ubuntu Noble and later
  (cri-o is now part of k8s)

Other miscellaneous fixes and workarounds:

* k8s.gcr.io is being sunsetted, updated the test image:
  https://kubernetes.io/blog/2023/03/10/image-registry-redirect/
* Relaxed the security to run minikube from /tmp (in future,
  we should set the default to /usr/local/bin)
* Updated the microk8s check-distro task for Noble

Change-Id: I3b0cbac5c72c31577797ba294de8b8c025f8c2c3
2024-08-22 20:50:31 +01:00

200 lines
6.0 KiB
YAML
Raw Blame History

- name: Include OS-specific variables
include_vars: "{{ zj_distro_os }}"
with_first_found:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
- "{{ ansible_distribution }}.{{ ansible_architecture }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
loop_control:
loop_var: zj_distro_os
# Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag
# so we set up /etc/hosts with a registry alias name to support ipv6 and 4.
- name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses
become: yes
lineinfile:
path: /etc/hosts
state: present
regex: "^{{ buildset_registry.host }}\tzuul-jobs.buildset-registry$"
line: "{{ buildset_registry.host }}\tzuul-jobs.buildset-registry"
insertafter: EOF
when: buildset_registry.host | ipaddr
- name: Set buildset_registry alias variable when using ip
set_fact:
buildset_registry_alias: zuul-jobs.buildset-registry
when: buildset_registry.host | ipaddr
- name: Set buildset_registry alias variable when using name
set_fact:
buildset_registry_alias: "{{ buildset_registry.host }}"
when: not ( buildset_registry.host | ipaddr )
- name: Ensure docker directory exists
become: yes
file:
state: directory
path: /etc/docker
mode: 0755
- name: Write buildset registry TLS certificate
become: true
copy:
content: "{{ buildset_registry.cert }}"
dest: "{{ ca_dir }}/{{ buildset_registry_alias }}.crt"
mode: 0644
register: _tls_ca
- name: Update CA certs # noqa: no-handler
command: "{{ ca_command }}"
become: true
when: _tls_ca is changed
# Update daemon config
- name: Check if docker daemon configuration exists
stat:
path: /etc/docker/daemon.json
register: docker_config_stat
- name: Load docker daemon configuration
when: docker_config_stat.stat.exists
slurp:
path: /etc/docker/daemon.json
register: docker_config
- name: Parse docker daemon configuration
when: docker_config_stat.stat.exists
set_fact:
docker_config: "{{ docker_config.content | b64decode | from_json }}"
- name: Set default docker daemon configuration
when: not docker_config_stat.stat.exists
set_fact:
docker_config:
registry-mirrors: []
- name: Add registry to docker daemon configuration
vars:
new_config:
registry-mirrors: "['https://{{ buildset_registry_alias }}:{{ buildset_registry.port }}/']"
set_fact:
docker_config: "{{ docker_config | combine(new_config) }}"
- name: Save docker daemon configuration
copy:
content: "{{ docker_config | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: 0644
become: true
- name: Populate service facts
service_facts:
# This is a copy of the logic from the ensure-docker handlers
- name: Restart docker if it exists
block:
- name: Stop docker.socket to avoid any conflict
become: true
service:
name: docker.socket
enabled: yes
state: stopped
failed_when: false
- name: Assure docker service is running
become: true
service:
name: docker
enabled: yes
state: started
- name: Assure docker.socket service is running
become: true
service:
name: docker.socket
enabled: yes
state: started
failed_when: false
when:
# docker-ce may have been uninstalled by cri-o
- "'docker.service' in ansible_facts.services"
- ansible_facts.services['docker.service']['status'] != 'not-found'
- name: Ensure containers directory exists
become: yes
file:
state: directory
path: /etc/containers
mode: 0755
- name: Modify registries.conf
become: yes
modify_registries_conf:
path: /etc/containers/registries.conf
buildset_registry: "{{ buildset_registry }}"
buildset_registry_alias: "{{ buildset_registry_alias }}"
namespaces: "{{ buildset_registry_namespaces }}"
no_log: true
- name: Ensure buildkit directory exists
become: yes
file:
state: directory
path: /etc/buildkit/
mode: 0755
- name: Modify buildkitd.toml
become: yes
modify_buildkitd_toml:
path: /etc/buildkit/buildkitd.toml
buildset_registry: "{{ buildset_registry }}"
buildset_registry_alias: "{{ buildset_registry_alias }}"
namespaces: "{{ buildset_registry_namespaces }}"
no_log: true
# We use 'block' here to cause the become to apply to all the tasks
# (which does not automatically happen with include_tasks).
- name: Update docker user config to use buildset registry
become: true
become_user: "{{ buildset_registry_docker_user }}"
when: buildset_registry_docker_user is defined
block:
- name: Include user config
include_tasks: user-config.yaml
- name: Update docker user config to use buildset registry
when: buildset_registry_docker_user is not defined
block:
- name: Include user config
include_tasks: user-config.yaml
- name: Check if cri-o is installed
stat:
path: /etc/crio/crio.conf
register: crio_path
# TODO: with cri-o >= 1.16, change this to a SIGHUP of the crio process
- name: Restart cri-o
when: crio_path.stat.exists
service:
name: crio
state: restarted
become: true
# microk8s (containerd) setup
- name: Check for microk8s
stat:
path: '/var/snap/microk8s'
register: _microk8s
- name: Setup microk8s mirrors
when: _microk8s.stat.exists
become: yes
block:
- name: Setup mirrors
include_tasks: microk8s-mirror.yaml
loop: '{{ buildset_registry_namespaces }}'
loop_control:
loop_var: zj_uk8s_mirror
# NOTE(ianw) 2022-12-13 : I don't think this is strictly necessary
# when updating mirror configs. It also shouldn't hurt, so leave
# it for now.
- name: Restart microk8s
command: snap restart microk8s
- name: Wait for kubernetes connection to come back
command: timeout 10s kubectl get pods
when: kubelet_config.stat.exists or crio_path.stat.exists or _microk8s.stat.exists
register: _api_ready
until: _api_ready.rc == 0
retries: 6
delay: 10
View Git Blame Copy Permalink