ClusterAPI.imageBuilder/ansible/roles/containerd/tasks/main.yml


# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Pull in the distribution-specific task file. Each import is gated on
# ansible_os_family, and the three values are mutually exclusive, so at most
# one of these files contributes tasks on a given host.
- import_tasks: debian.yml
  when: ansible_os_family == "Debian"

- import_tasks: redhat.yml
  when: ansible_os_family == "RedHat"

- import_tasks: photon.yml
  when: ansible_os_family == "VMware Photon OS"
# TODO(vincepri): Use deb/rpm packages once available.
# See https://github.com/containerd/containerd/issues/1508 for context.
- name: download containerd
  get_url:
    # get_url checks the sha256 digest after the transfer and fails the task
    # on a mismatch. That digest is the only integrity gate before the
    # archive is unpacked later in this file.
    # NOTE(review): containerd_sha256 is defined outside this file -- confirm
    # it is a pinned value and not derived from the download origin.
    checksum: "sha256:{{ containerd_sha256 }}"
    url: "{{ containerd_url }}"
    dest: /tmp/containerd.tar.gz
    # Owner-only: the tarball stays in world-writable /tmp until the cleanup
    # task at the end of this file removes it.
    mode: "0600"
- name: download containerd-wasm-shims
  get_url:
    # Same integrity model as the containerd download: the transfer is
    # rejected unless it matches the sha256 supplied through the variable.
    checksum: "sha256:{{ containerd_wasm_shims_sha256 }}"
    url: "{{ containerd_wasm_shims_url }}"
    dest: /tmp/containerd_wasm_shims.tar.gz
    # Owner-only while the archive waits in /tmp.
    mode: "0600"
  # Skipped entirely when no Wasm runtimes are requested.
  when: containerd_wasm_shims_runtimes | length > 0
- name: Create a directory if it does not exist
  file:
    state: directory
    # bin directory under sysusr_prefix; the Wasm shims are unpacked into
    # this path later in the file.
    path: "{{ sysusr_prefix }}/bin"
    mode: "0755"
# TODO(vincepri): This unpacks the entire tar in the root directory
# we should find a better way to check what's being unpacked and where.
- name: unpack containerd
  unarchive:
    # The archive is already on the target (see the download task), so it is
    # not copied from the controller.
    remote_src: true
    src: /tmp/containerd.tar.gz
    # Extraction is rooted at /, so every member path in the tarball is
    # written relative to the filesystem root. Nothing in this task limits
    # which paths the archive may create; the sha256 check at download time
    # is what vouches for its contents.
    dest: /
    extra_opts:
      # tar: keep the metadata of directories that already exist.
      - --no-overwrite-dir
  # Flatcar uses the dedicated task with path rewriting instead.
  when: ansible_os_family != "Flatcar"
# install containerd Wasm shims when the runtimes are not empty -- current known runtimes are 'slight' and 'spin'
# see: https://github.com/kubernetes-sigs/image-builder/pull/1037
- name: unpack containerd-wasm-shims
  unarchive:
    # Archive was fetched onto the target by the shims download task.
    remote_src: true
    src: /tmp/containerd_wasm_shims.tar.gz
    # Members are extracted straight into the bin directory, so whatever the
    # archive contains ends up there; its contents are vouched for only by
    # the sha256 check on download.
    dest: "{{ sysusr_prefix }}/bin"
    extra_opts:
      # tar: keep the metadata of directories that already exist.
      - --no-overwrite-dir
  when: ansible_os_family != "Flatcar" and (containerd_wasm_shims_runtimes | length > 0)
- name: unpack containerd for Flatcar to /opt/bin
  unarchive:
    remote_src: true
    src: /tmp/containerd.tar.gz
    # Rooted at /; the --transform rules below decide where members land.
    dest: /
    extra_opts:
      # tar: do not strip a leading '/' from member names.
      - --absolute-names
      # Each --transform is a sed-style substitution on the member name,
      # applied in the order given. Without a 'g' flag only the first match
      # in a name is replaced. Constructed example (not taken from the real
      # archive): usr/local/sbin/x -> opt/local/sbin/x -> opt/local/bin/x
      # -> opt/bin/x.
      # NOTE(review): the patterns are unanchored, so the first "usr" or
      # "sbin" anywhere in a member path is rewritten, not only a leading
      # directory component -- confirm this is safe for the archive layout.
      - --transform
      - 's@usr@opt@'
      - --transform
      - 's@sbin@bin@'
      - --transform
      - 's@opt/local@opt@'
  when: ansible_os_family == "Flatcar"
# install containerd Wasm shims when the runtimes are not empty -- current known runtimes are 'slight' and 'spin'
# see: https://github.com/kubernetes-sigs/image-builder/pull/1037
- name: unpack containerd-wasm-shims for Flatcar to /opt/bin
  unarchive:
    remote_src: true
    src: /tmp/containerd_wasm_shims.tar.gz
    # NOTE(review): the task name says /opt/bin, but the destination is
    # templated from sysusr_prefix -- presumably /opt on Flatcar; confirm
    # against the role variables.
    dest: "{{ sysusr_prefix }}/bin"
    extra_opts:
      # tar: keep the metadata of directories that already exist.
      - --no-overwrite-dir
  when: ansible_os_family == "Flatcar" and (containerd_wasm_shims_runtimes | length > 0)
# Remove /opt/cni directory, as we will install cni later
# state: absent removes the path recursively and is a no-op when it does not
# exist, so both tasks are safe to run whether or not the path is present.
- name: delete /opt/cni directory
  file:
    path: /opt/cni
    state: absent

# Remove /etc/cni directory, as we will configure cni later
- name: delete /etc/cni directory
  file:
    path: /etc/cni
    state: absent
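# Directory that holds the systemd drop-ins for containerd.service written by
# the template tasks that follow.
- name: Creates unit file directory
  file:
    path: /etc/systemd/system/containerd.service.d
    state: directory
    # Set the mode explicitly. Without it the permissions depend on the umask
    # of the build environment, which makes the resulting image harder to
    # audit.
    mode: "0755"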
- name: Create systemd unit drop-in file for containerd to run from /opt/bin
  template:
    src: etc/systemd/system/containerd-flatcar.conf
    dest: /etc/systemd/system/containerd.service.d/10-opt-bin-custom.conf
    # NOTE(review): this drop-in is 0600 while the other drop-ins in the same
    # directory are 0644 -- confirm the difference is intentional.
    mode: "0600"
  # Only Flatcar unpacks containerd with the path rewriting this drop-in
  # accompanies.
  when: ansible_os_family == "Flatcar"
# Two unconditional drop-ins for containerd.service, rendered from the
# templates shipped with this role.
- name: Create containerd memory pressure drop in file
  template:
    src: etc/systemd/system/containerd.service.d/memory-pressure.conf
    dest: /etc/systemd/system/containerd.service.d/memory-pressure.conf
    mode: "0644"

- name: Create containerd max tasks drop in file
  template:
    src: etc/systemd/system/containerd.service.d/max-tasks.conf
    dest: /etc/systemd/system/containerd.service.d/max-tasks.conf
    mode: "0644"
- name: Create containerd http proxy conf file if needed
  template:
    src: etc/systemd/system/containerd.service.d/http-proxy.conf
    dest: /etc/systemd/system/containerd.service.d/http-proxy.conf
    # NOTE(review): the rendered template is not visible here. If it embeds
    # http_proxy/https_proxy values that carry credentials in the URL, 0644
    # leaves them readable by every local user of the image -- confirm.
    mode: "0644"
  # Rendered only when at least one proxy variable is set.
  when: http_proxy is defined or https_proxy is defined
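# Parent directory for /etc/containerd/config.toml, which is written by the
# next task.
- name: Creates containerd config directory
  file:
    path: /etc/containerd
    state: directory
    # Set the mode explicitly so the directory permissions do not depend on
    # the umask of the build environment.
    mode: "0755"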
- name: Copy in containerd config file {{ containerd_config_file }}
  template:
    # containerd_config_file selects which template is rendered into the
    # fixed destination below.
    src: "{{ containerd_config_file }}"
    dest: /etc/containerd/config.toml
    mode: "0644"
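- name: Copy in crictl config
  template:
    src: etc/crictl.yaml
    dest: /etc/crictl.yaml
    # Set the mode explicitly, as the other template tasks in this file do.
    # Without it the permissions of /etc/crictl.yaml depend on the umask of
    # the build environment.
    mode: "0644"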
- name: start containerd service
  systemd:
    name: containerd
    # Restart unconditionally so the unit runs with the configuration and
    # binaries installed by the preceding tasks.
    state: restarted
    enabled: true
    # Make systemd re-read unit files so the drop-ins written earlier in this
    # file are picked up.
    daemon_reload: true
# Remove the downloaded archives from /tmp so they do not ship in the image.
# state: absent is a no-op for a missing file, so the shims cleanup is
# harmless when the shims were never downloaded.
- name: delete tarball
  file:
    path: /tmp/containerd.tar.gz
    state: absent

# NOTE(review): this task has the same name as the one before it, so the two
# steps cannot be told apart in play output.
- name: delete tarball
  file:
    path: /tmp/containerd_wasm_shims.tar.gz
    state: absent