create_update_kube_spec.yml
---
# Run the tasks in manage_linger.yml with the item state fixed to "present".
# NOTE(review): presumably this enables systemd lingering for the podman
# user; confirm against manage_linger.yml, which is not shown here.
- name: Manage linger
  vars:
    __podman_item_state: present
  include_tasks: manage_linger.yml
# Build __podman_volumes: the unique list of host paths named by hostPath
# volumes in the kube spec. Only entries whose type starts with "Directory",
# or that carry no type at all, are kept.
- name: Get the host mount volumes
  when:
    - podman_create_host_directories | bool
    - "'volumes' in __podman_kube['spec']"
  vars:
    # The value of every "hostPath" key found under spec.volumes.
    __host_paths: >-
      {{ __podman_kube['spec']['volumes'] | map('dict2items') | list
      | flatten | selectattr('key', 'match', '^hostPath$')
      | map(attribute='value') | list }}
    # hostPath entries with a type that begins with "Directory".
    __dir_vols: >-
      {{ __host_paths | selectattr('type', 'defined')
      | selectattr('type', 'match', '^Directory') | list }}
    # hostPath entries that do not define a type.
    __notype_vols: "{{ __host_paths | rejectattr('type', 'defined') | list }}"
  set_fact:
    __podman_volumes: >-
      {{ (__dir_vols + __notype_vols) | map(attribute='path')
      | unique | list }}
# Call the file module once per path in __podman_volumes. The module
# arguments are assembled from three layers, later layers winning:
#   1. {'path': item} plus __podman_hostdirs_defaults
#   2. owner/group: the podman user and group when rootless, else root
#   3. the matching entry of podman_host_directories, looked up by the path
#      itself or, failing that, by the key 'DEFAULT' (skipped if neither
#      key exists)
# NOTE(review): the paths come from the kube spec's hostPath entries and
# layer 3 can override any file argument, so both inputs decide which host
# directories are created and who owns them. Review specs and overrides
# from sources you do not control before running the role.
- name: Create host directories
  when:
    - podman_create_host_directories | bool
    - __podman_volumes | d([]) | length > 0
  loop: "{{ __podman_volumes }}"
  vars:
    # Key used to look up per-path overrides.
    __hostitem: >-
      {{ item if item in podman_host_directories | d({})
      else 'DEFAULT' }}
    __owner_group: >-
      {{ {'owner': __podman_user, 'group': __podman_group}
      if __podman_rootless else {'owner': 'root', 'group': 'root'} }}
    __defaults: >-
      {{ {'path': item} | combine(__podman_hostdirs_defaults)
      | combine(__owner_group) }}
  file: >-
    {{ __defaults | combine(podman_host_directories[__hostitem])
    if __hostitem in podman_host_directories | d({})
    else __defaults }}
# Pull every image referenced by spec.containers and spec.initContainers
# (deduplicated) before the spec is played.
#   - Registry username/password are passed only when non-empty.
#   - validate_certs is passed only when __podman_validate_certs is neither
#     '' nor none; otherwise the module default applies.
#   - The pull is retried 3 times when podman_pull_retry is true, else 0.
#   - A failed pull fails the task only when
#     __podman_continue_if_pull_fails is false.
# no_log keeps the module arguments, including the registry password, out
# of task output.
# NOTE(review): setting __podman_validate_certs to false turns off registry
# certificate validation for the pull. When pull failures are tolerated,
# the later play step presumably runs whatever image is already in local
# storage; confirm that this is acceptable for the deployment.
- name: Ensure container images are present
  when: __podman_pull_image | bool
  no_log: true
  vars:
    __images: >-
      {{ __podman_kube['spec']['containers']
      | selectattr('image', 'defined') | map(attribute='image') | list
      if 'containers' in __podman_kube['spec']
      else [] }}
    __init_images: >-
      {{ __podman_kube['spec']['initContainers']
      | selectattr('image', 'defined') | map(attribute='image') | list
      if 'initContainers' in __podman_kube['spec']
      else [] }}
  loop: "{{ (__images + __init_images) | unique | list }}"
  become: "{{ __podman_rootless | ternary(true, omit) }}"
  become_user: "{{ __podman_rootless | ternary(__podman_user, omit) }}"
  environment:
    XDG_RUNTIME_DIR: "{{ __podman_xdg_runtime_dir }}"
  containers.podman.podman_image:
    name: "{{ item }}"
    force: true
    username: >-
      {{ __podman_registry_username
      if __podman_registry_username | length > 0 else omit }}
    password: >-
      {{ __podman_registry_password
      if __podman_registry_password | length > 0 else omit }}
    validate_certs: >-
      {{ (__podman_validate_certs in ['', none])
      | ternary(omit, __podman_validate_certs) }}
  register: __podman_image_updated
  until: __podman_image_updated is success
  retries: "{{ podman_pull_retry | ternary(3, 0) }}"
  failed_when:
    - __podman_image_updated is failed
    - not __podman_continue_if_pull_fails
# Stat the kube file. The task fails only when both conditions hold: no
# inline spec was supplied (__podman_kube is empty) and the file does not
# exist on the host.
- name: Check the kubernetes yaml file
  register: __podman_kube_stat
  failed_when:
    - not __podman_kube
    - not __podman_kube_stat.stat.exists
  stat:
    path: "{{ __podman_kube_file }}"
# Create the parent directory of the kube file, owned by the podman user
# and group, mode 0755. Runs only when an inline spec was supplied.
- name: Ensure the kubernetes directory is present
  when: __podman_kube | length > 0
  file:
    state: directory
    path: "{{ __podman_kube_file | dirname }}"
    mode: "0755"
    owner: "{{ __podman_user }}"
    group: "{{ __podman_group }}"
# Render the inline spec to YAML and write it to __podman_kube_file, owned
# by the podman user and group. The result is registered so the systemd
# tasks can react to a changed file.
# NOTE(review): mode 0644 leaves the written spec readable by every local
# account. If the spec carries credentials inline (for example in container
# env values), confirm that this exposure is intended, or keep such values
# out of the spec.
- name: Ensure kubernetes yaml files are present
  when: __podman_kube | length > 0
  register: __podman_copy
  copy:
    dest: "{{ __podman_kube_file }}"
    content: "{{ __podman_kube | to_nice_yaml }}"
    mode: "0644"
    owner: "{{ __podman_user }}"
    group: "{{ __podman_group }}"
# Call podman_play with the arguments in __podman_kube_spec, with kube_file
# set to __podman_kube_file. When rootless, the task runs as the podman
# user with XDG_RUNTIME_DIR set. The result is registered for the systemd
# tasks.
# NOTE(review): __podman_kube_spec is built outside this file; its other
# keys are passed to the module unchanged.
- name: Update containers/pods
  register: __podman_play_info
  become: "{{ __podman_rootless | ternary(true, omit) }}"
  become_user: "{{ __podman_rootless | ternary(__podman_user, omit) }}"
  environment:
    XDG_RUNTIME_DIR: "{{ __podman_xdg_runtime_dir }}"
  containers.podman.podman_play: >-
    {{ __podman_kube_spec
    | combine({'kube_file': __podman_kube_file}) }}
# Reload systemd in scope __podman_systemd_scope. Runs only when the play
# step or the written spec file changed and unit activation is requested.
# When rootless, runs as the podman user with XDG_RUNTIME_DIR set.
- name: Reload systemctl  # noqa no-handler
  when:
    - __podman_play_info is changed or __podman_copy is changed
    - __podman_activate_systemd_unit | bool
  become: "{{ __podman_rootless | ternary(true, omit) }}"
  become_user: "{{ __podman_rootless | ternary(__podman_user, omit) }}"
  environment:
    XDG_RUNTIME_DIR: "{{ __podman_xdg_runtime_dir }}"
  systemd:
    scope: "{{ __podman_systemd_scope }}"
    daemon_reload: true
# Enable the unit named by __podman_service_name.stdout, under the same
# change and activation conditions as the daemon reload.
# NOTE(review): __podman_service_name is registered outside this file.
- name: Enable service  # noqa no-handler
  when:
    - __podman_play_info is changed or __podman_copy is changed
    - __podman_activate_systemd_unit | bool
  become: "{{ __podman_rootless | ternary(true, omit) }}"
  become_user: "{{ __podman_rootless | ternary(__podman_user, omit) }}"
  environment:
    XDG_RUNTIME_DIR: "{{ __podman_xdg_runtime_dir }}"
  systemd:
    scope: "{{ __podman_systemd_scope }}"
    name: "{{ __podman_service_name.stdout }}"
    enabled: true
# Ensure the unit is started. The result is registered so that the restart
# task can tell whether this task changed the unit's state.
- name: Start service  # noqa no-handler
  when:
    - __podman_play_info is changed or __podman_copy is changed
    - __podman_activate_systemd_unit | bool
  register: __podman_service_started
  become: "{{ __podman_rootless | ternary(true, omit) }}"
  become_user: "{{ __podman_rootless | ternary(__podman_user, omit) }}"
  environment:
    XDG_RUNTIME_DIR: "{{ __podman_xdg_runtime_dir }}"
  systemd:
    scope: "{{ __podman_systemd_scope }}"
    name: "{{ __podman_service_name.stdout }}"
    state: started
# Restart the unit when "Start service" reported no change while the play
# step or the spec file did change. A unit that was presumably already
# running is thereby restarted to pick up the update.
- name: Restart service  # noqa no-handler
  when:
    - not __podman_service_started is changed
    - __podman_play_info is changed or __podman_copy is changed
    - __podman_activate_systemd_unit | bool
  become: "{{ __podman_rootless | ternary(true, omit) }}"
  become_user: "{{ __podman_rootless | ternary(__podman_user, omit) }}"
  environment:
    XDG_RUNTIME_DIR: "{{ __podman_xdg_runtime_dir }}"
  systemd:
    scope: "{{ __podman_systemd_scope }}"
    name: "{{ __podman_service_name.stdout }}"
    state: restarted
# auto update not yet working for kube play pods/containers
# - name: Ensure auto update is running for images
# become: "{{ __podman_rootless | ternary(true, omit) }}"
# become_user: "{{ __podman_rootless | ternary(__podman_user, omit) }}"
# environment:
# XDG_RUNTIME_DIR: "{{ __podman_xdg_runtime_dir }}"
# systemd:
# name: podman-auto-update.timer
# daemon_reload: true
# scope: "{{ __podman_systemd_scope }}"
# state: started
# enabled: true