ClusterAPI.imageBuilder/ansible/windows/roles/runtimes/tasks/containerd.yml


# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Fetch the containerd release archive into the temp directory.
# win_get_url checks the downloaded file against containerd_sha256, so a
# corrupted or substituted archive fails here instead of being unpacked later.
# NOTE(review): the integrity check only helps when a digest is supplied;
# confirm containerd_sha256 is always populated by the build variables.
- name: Download containerd
  win_get_url:
    url: '{{ containerd_url }}'
    dest: '{{ tempdir.stdout | trim }}\containerd.tar.gz'
    checksum_algorithm: sha256
    checksum: '{{ containerd_sha256 }}'
    url_timeout: 300
  register: containerd
  # Retry failed downloads: up to 5 retries, 3 seconds apart.
  until: containerd is not failed
  retries: 5
  delay: 3
# Create the containerd install directory, the state and root directories
# under the path held in alluserprofile, and the CNI bin/conf directories
# on the system drive.
- name: Create containerd directory structure
  win_file:
    state: directory
    path: "{{ item }}"
  loop:
    - '{{ programfiles.stdout | trim }}\containerd'
    - '{{ alluserprofile.stdout | trim }}\containerd\state'
    - '{{ alluserprofile.stdout | trim }}\containerd\root'
    - '{{ systemdrive.stdout | trim }}/opt/cni/bin'
    - '{{ systemdrive.stdout | trim }}/etc/cni/net.d'
# Record whether containerd.exe is already present in the install directory;
# the result gates the unpack task through containerd_file.stat.exists.
- name: Check if containerd exists
  win_stat:
    path: '{{ programfiles.stdout | trim }}\containerd\containerd.exe'
  register: containerd_file
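# Extract the checksum-verified archive into the install directory.
# The archive path is quoted so that a temp directory containing spaces is
# still passed to tar as a single argument.
# The task runs only when containerd.exe is absent, so an existing binary is
# left in place even if a different archive was just downloaded.
- name: Unpack containerd binaries
  win_command: >-
    cmd /c tar -zxvf "{{ containerd.dest }}"
    -C "{{ programfiles.stdout | trim }}\containerd"
    --strip-components 1
  when: not containerd_file.stat.exists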
# Add the install directory to the machine-scope PATH so later tasks can call
# containerd.exe and ctr.exe by name.
- name: Add containerd to path
  win_path:
    scope: machine
    elements:
      - '{{ programfiles.stdout | trim }}\containerd'
# Render the template named by containerd_config_file to config.toml in the
# install directory, passing the directory paths below as template variables.
- name: Copy containerd config file {{ containerd_config_file }}
  win_template:
    src: "{{ containerd_config_file }}"
    dest: '{{ programfiles.stdout | trim }}\containerd\config.toml'
  vars:
    allusersprofile: "{{ alluserprofile.stdout | trim }}"
    plugin_bin_dir: "{{ systemdrive.stdout | trim }}/opt/cni/bin"
    plugin_conf_dir: "{{ systemdrive.stdout | trim }}/etc/cni/net.d"
    # programfiles is C:\Program Files, but the rendered value needs
    # C:\\Program Files; otherwise the "Register Containerd" task fails with
    # "invalid escape sequence: \P".
    containerd_conf_dir: '{{ programfiles.stdout | trim | regex_replace("\\", "\\\\") }}\\\\containerd'
# Query the service named containerd without changing it; the registered
# result's "exists" field gates the registration task.
- name: Check if a Containerd service is installed
  win_service:
    name: containerd
  register: containerd_service
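# Register containerd as a Windows service, only when no service named
# containerd exists yet. The condition uses "not ..." instead of comparing
# against the literal false.
# NOTE(review): containerd.exe is located through the machine PATH rather
# than by absolute path, so the binary that gets registered is whichever PATH
# entry resolves first. Confirm that is the install directory added by
# "Add containerd to path".
- name: Register Containerd
  win_shell: |
    #refresh the path to ensure ansible sees update
    $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
    containerd.exe --register-service
  when: not containerd_service.exists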
# Enables DNS resolution of SMB shares by setting the HNS
# EnableCompartmentNamespace DWORD value to 1.
# https://github.com/kubernetes-sigs/windows-gmsa/issues/30#issuecomment-802240945
- name: Apply SMB Resolution Fix for containerd
  win_regedit:
    path: 'HKLM:\SYSTEM\CurrentControlSet\Services\hns\State'
    name: EnableCompartmentNamespace
    type: dword
    data: 1
    state: present
# Add containerd.exe and ctr.exe as Microsoft Defender process exclusions.
# A process exclusion stops Defender from scanning files opened by these
# binaries, so every node built from this image has reduced scanning
# coverage for container runtime I/O.
# The exclusions are keyed on these full paths.
# NOTE(review): confirm the install directory stays writable by
# administrators only, and that the exclusions are recorded wherever the
# image's security baseline is documented.
- name: Create Windows Defender Exclusions
  win_shell: |
    Add-MpPreference -ExclusionProcess "{{ programfiles.stdout | trim }}\containerd\containerd.exe"
    Add-MpPreference -ExclusionProcess "{{ programfiles.stdout | trim }}\containerd\ctr.exe"
# Start the containerd service now and set it to start automatically at boot.
- name: Ensure Containerd Service is running
  win_service:
    name: containerd
    state: started
    start_mode: auto
# Pull each image listed for this distribution_version into the k8s.io
# containerd namespace, so the images are already present in the built image.
# Skipped unless prepull is truthy; a missing prepull_images entry yields an
# empty list.
# Each item is substituted into the PowerShell script text before it runs, so
# prepull_images must come from trusted build configuration.
# NOTE(review): if the references are tags rather than digests, the baked
# content depends on registry state at build time. Confirm whether pinning by
# digest is intended.
- name: Pre-pull containerd images
  win_shell: |
    #refresh the path to ensure ansible sees update
    $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
    ctr.exe -n k8s.io images pull {{ item }}
  loop: "{{ images }}"
  # Run asynchronously with a 1800 second limit, polling every 60 seconds.
  async: 1800
  poll: 60
  # Retry a failed pull up to 5 times.
  retries: 5
  register: pull
  until: pull is not failed
  when: (prepull | bool)
  vars:
    images: "{{ prepull_images[distribution_version] | default([]) }}"